ACL to prevent Updated and Updated by fields from being edited in list view

clyon
Tera Guru

I created a new table and have the permissions working as I need them, with the exception of the ability of the user to be able to update the Updated and Updated by fields on the list view.

I have the following ACLs for this requirement:

1. write - table - None

     User role

2. list_edit - table - Updated

     no role specified

 

I know the first ACL I have gives the write ability to the user role for all. I would have assumed that adding the 2nd ACL would have locked it down.

I also have tried the following ACLs:

1. write - table - Sensitive Data

     User role

2. write - table - Protection Method Code

     User role

3. write - table - Comments

     User role

I thought this would have given write ability to these 3 fields for the user, and not for the other fields not specified.

What am I missing?

1 ACCEPTED SOLUTION

Chuck Tomasi
Tera Patron

Hi Christina,



Use the list_edit operation and give it the role 'nobody'. Alternatively, you can use a condition that is never going to be satisfied like "updated | is empty" or check Advanced and put in the script field:



answer=false;



You only need one to be true. Any of those will defeat list editing for that field.



Docs: Access control rules


Docs: Contextual security  


Security Best Practices - ServiceNow Wiki
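
A simplified model of the evaluation behind the accepted answer, as an added example that is not part of the original thread and not ServiceNow's own code. It assumes a rule grants access only when its role, condition and script checks all pass and that an empty check passes; the function and rule names are hypothetical, `sys_updated_on` is the column behind Updated, and admin override is not modelled.

```javascript
// Assumed model: one ACL rule grants access only if ALL three parts pass.
// A part that is left empty passes automatically.
function ruleGrants(rule, user, record) {
  const roles = rule.roles || [];
  const roleOk = roles.length === 0 || roles.some((r) => user.roles.includes(r));
  const conditionOk = !rule.condition || rule.condition(record) === true;
  const scriptOk = !rule.script || rule.script(user, record) === true;
  return roleOk && conditionOk && scriptOk;
}

// Constructed sample user and record.
const user = { name: "sample.user", roles: ["user_role"] };
const record = { sys_updated_on: "2024-01-01 10:00:00", sys_updated_by: "someone" };

// list_edit rules on the Updated field (hypothetical rule names).
const rules = {
  // As posted in the question: no role, no condition, no script.
  asPosted: { operation: "list_edit" },
  // Option 1 from the answer: require a role that no user holds.
  nobodyRole: { operation: "list_edit", roles: ["nobody"] },
  // Option 2: a condition that is never satisfied ("updated | is empty").
  neverTrueCondition: {
    operation: "list_edit",
    condition: (rec) => rec.sys_updated_on === "",
  },
  // Option 3: Advanced checked, script sets answer = false.
  scriptFalse: { operation: "list_edit", script: () => false },
};

// Evaluate every rule variant for the sample user and record.
function evaluateAll() {
  const results = {};
  for (const [name, rule] of Object.entries(rules)) {
    results[name] = ruleGrants(rule, user, record);
  }
  return results;
}

console.log(evaluateAll());
```

In this model the rule from the question grants list editing to everyone because nothing in it can fail, while each of the three variants from the answer fails on exactly one part.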



3 REPLIES

Agree with Chuck.



Also worth noting that these fields should be read-only OOB - make sure you are not testing as an admin. I would think they would be the only ones who could update these fields anyway.


clyon
Tera Guru

I used the answer=false; in the script field and that did the trick. Thanks!!!