ACL Understanding

sainath3
Mega Guru

Hi All,

 

I have created a table: u_database

Created users with roles:

Test user 1 has the Demo role and Test user 2 has the Demo2 role; both these users have the table-level ACL (u_database_user).

Now I have modified the existing Create ACL (table.None): removed the table ACL & added the Demo role.

sainath3_0-1733587620712.png

 

Output:

Only Test user1 has access to create the record from both list view & form view; Test user2 doesn't have access to create a record from either list view or form view.

 

My questions:

1. What is the difference between table.None & Table.*?

In both scenarios, users who don't have a role are able to access it from both list view & form view.

2. Even if I uncheck Admin override, how is Admin able to access the records? Admin doesn't have the table-level ACL.

My requirement:

The user can't create a record from list view, but he should be able to create it from form view.

 

 

10 REPLIES

Ravi Chandra_K
Kilo Patron

Hello @sainath3 

1. Table.none is a table-level ACL, which means users have access to the table. A user should have access to the table if they want to access any field in the table.

Table.* gives access to all the fields in the Table. 

 

2. Are there read ACLs on the Table? In the screenshot it is create ACL which is the access to create records.

3. For this, you can hide the New button on that particular table.

https://www.servicenow.com/community/now-platform-articles/how-to-hide-new-button-or-any-button-in-l...

 

Please mark the answer as helpful and correct if helped.

Kind regards,

Ravi Chandra 

 

Thanks Ravi for the quick response.

 

I have applied the same for the Read ACL --> table.None: here only the users who have it are able to see the records from list view & form.

Then I modified the ACL to table.* and I see the same results: only the users who have it are able to see the records from list view & form.

Can you please elaborate on the difference between table level & record level?

 

 

Hello @sainath3 

Same example as Runjay mentioned: imagine a house (table) has a lock, and it has a lot of cupboards (fields) with separate locks.

 

 

If you want to access the cupboard, you should have access to house first.

 

 

So you should have house lock along with specific cupboard lock.

 

Table.none - gives access to the Table. (User first should have this. access to house, remember)

Table.* - gives access to the fields. (access to all cupboards in the house)

 

If you remove Table.none and keep Table.*, it won't work.

 

Now the below explanation makes sense: even if a user has a field ACL, if the user has no access to the table, then the user cannot access the fields in the table.

1000194838.png

 

please mark the answer as correct and helpful if helped!

 

Kind Regards,

Ravi Chandra.

Runjay Patel
Giga Sage

Hi @sainath3 ,

 

Let me try to explain the ACL.

table.none - this ACL provides you access to your record. Assume you want to enter your house: you need a key, and table.none is the key.

Now assume you have the key to enter your house, but if you want to enter any room inside the house you need another key, which is table.* or table.fieldname. * denotes all rooms of that house.

Now, based on your scenario, to create a record from form view you need to control the UI action. Add conditions in the UI action like gs.hasRole("demo1").

For list view you can create a new UI action and put the action same as the OOB UI action so that the OOB one can be hidden, and for the new UI action put a condition like 1==2. While doing this, the UI action won't be visible in list view.

 

Accept and like the solution if it helped
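The two-stage check described in the replies above (table.None first, then table.field or table.*), as a simplified model added here; it is not ServiceNow platform code and not from any poster. The rule list is constructed, the field names `u_name` and `u_secret` are hypothetical, and default deny when no rule matches is an assumption of the model.

```javascript
// Simplified model of ACL evaluation order; not ServiceNow platform code.
// Constructed rule set. Table and role names mirror the thread; the field
// names u_name and u_secret are hypothetical.
const sampleAcls = [
  { name: "u_database", op: "create", roles: ["Demo"] },          // table.None
  { name: "u_database", op: "read", roles: ["Demo", "Demo2"] },   // table.None
  { name: "u_database.*", op: "read", roles: ["Demo", "Demo2"] }, // table.*
  { name: "u_database.u_secret", op: "read", roles: ["Demo"] },   // table.field
];

// A set of same-named rules passes if any one rule is satisfied.
// A rule with an empty role list places no role requirement on the user.
function anyRulePasses(rules, userRoles) {
  return rules.some(r => r.roles.length === 0 ||
                         r.roles.some(role => userRoles.includes(role)));
}

// Stage 1: row-level check (table.None).
// Assumption: default deny when no rule matches.
function canAccessRow(acls, table, op, userRoles) {
  const rules = acls.filter(a => a.name === table && a.op === op);
  return rules.length > 0 && anyRulePasses(rules, userRoles);
}

// Stage 2: field-level check, reached only after the row-level check passes.
// The most specific rule wins: table.field first, then table.*.
function canAccessField(acls, table, field, op, userRoles) {
  if (!canAccessRow(acls, table, op, userRoles)) return false;
  let rules = acls.filter(a => a.name === `${table}.${field}` && a.op === op);
  if (rules.length === 0) {
    rules = acls.filter(a => a.name === `${table}.*` && a.op === op);
  }
  // Assumption: with no field-level rule at all, the row-level result stands.
  return rules.length === 0 || anyRulePasses(rules, userRoles);
}

// Create ACL holds only the Demo role, so a Demo2 user cannot create.
console.log("Demo2 create:", canAccessRow(sampleAcls, "u_database", "create", ["Demo2"]));
// table.* covers u_name; the more specific u_secret rule excludes Demo2.
console.log("Demo2 read u_name:", canAccessField(sampleAcls, "u_database", "u_name", "read", ["Demo2"]));
console.log("Demo2 read u_secret:", canAccessField(sampleAcls, "u_database", "u_secret", "read", ["Demo2"]));
// Drop the table.None rules: field rules alone no longer grant anything.
const fieldOnly = sampleAcls.filter(a => a.name !== "u_database");
console.log("Demo read u_name without table.None:",
  canAccessField(fieldOnly, "u_database", "u_name", "read", ["Demo"]));
```
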