- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2017 02:36 PM
I have a form that can only be created by one group, let's call it Site_admon. Site_admon group can edit ALL of the fields in that form. There's another group that can only edit some of the fields of that form, let's call it Site_users. I am having problems with the ACL's I created to have Site_users group members edit the fields they're supposed to edit, box1, box2, and box3. The table's name is SITES.
At this point both groups are able to edit ALL of the fields. This is fine for group Site_admon but not Site_users.
The ACL's are created are as follows:
SITES none write Required Roles: Site_admon, Site_users
SITES.BOX1 write Required Roles: Site_users
SITES.BOX2 write Required Roles: Site_users
SITES.BOX3 write Required Roles: Site_users
What am I missing? What do I need to change?
I'll apreciate your feedback.
Solved! Go to Solution.
- Labels:
-
Scripting and Coding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2017 04:35 PM
Hi Luis!
You are looking to enforce field level ACLs. For that to happen, you should grant access at the higher level, and the lock down one by one. These are the ACLs that should be in place for the scenario you mentioned to work.
1) SITES none - write - Required Roles: Site_admon, Site_users
2) SITES.* - write - Required Roles: Site_admon
3) SITES.BOX1 - write - Required Roles: Site_users, Site_admon
4) SITES.BOX2 - write - Required Roles: Site_users, Site_admon
5) SITES.BOX3 - write - Required Roles: Site_users, Site_admon
This will give complete write access to Site_admon, but Site_users can only write to the fields BOX1, BOX2 and BOX3.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2017 03:42 PM
Use debugger to check which ACL might be causing this.
http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#Debugging
Mark Correct if it solved your issue or hit Like and Helpful if you find my response worthy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-27-2017 04:35 PM
Hi Luis!
You are looking to enforce field level ACLs. For that to happen, you should grant access at the higher level, and the lock down one by one. These are the ACLs that should be in place for the scenario you mentioned to work.
1) SITES none - write - Required Roles: Site_admon, Site_users
2) SITES.* - write - Required Roles: Site_admon
3) SITES.BOX1 - write - Required Roles: Site_users, Site_admon
4) SITES.BOX2 - write - Required Roles: Site_users, Site_admon
5) SITES.BOX3 - write - Required Roles: Site_users, Site_admon
This will give complete write access to Site_admon, but Site_users can only write to the fields BOX1, BOX2 and BOX3.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2017 11:39 AM
Veena,
You got it! That was the solution. I was missing #2. Thank you.
I want to mark it as the Correct Answer but I don't see the option. I always have that problem.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-30-2017 11:53 AM
Hi Luis!
Glad you got it working. Please check out this article: How To Mark Answers Correct From Community Inbox
