ACL
08-30-2024 08:39 AM
Hi All,
There is a field called 'security task' on the incident form, and if this is checked while creating the incident, the incident should be visible only to the users in the particular group which contains the role u_it_security_user and should not be visible to the requester either.
So, I have written a read operation ACL on the incident table, but this ACL isn't working. Attached is the screenshot.
Can someone please check where I am making a mistake?
Thanks,
Rooma

08-30-2024 08:56 AM
@roomawakar When you say the ACL isn't working, does it mean the users without u_it_security_user are able to read the incidents? If yes, then there are probably other ACLs which are allowing read access to the incident. You need to deactivate those ACLs or add conditions to them so that only this ACL can be evaluated.
The best way to address ACL related issues is to use the Access Analyser https://docs.servicenow.com/bundle/xanadu-platform-security/page/integrate/identity/concept/explore-...
Hope this helps.
08-30-2024 09:12 AM
@Sandeep Rajput I tried deactivating all the read ACLs one by one and added the condition as well, but it is still not working. It is visible to ITIL users, which shouldn't be the case.
Thanks,
Rooma

08-30-2024 08:56 AM
A couple of things. Since you are using an advanced script, you don't need to set the role in the sys user role section. In your code you can just do var userObject = current.caller_id. The last thing: you have no condition on when this should run, which means it may always try to run. You need a condition of security_task is true.
08-30-2024 09:09 AM
@Brian Lancaster I tried adding the conditions as well. Removed the role from the role section, but still no luck.
Thanks,
Rooma
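
A simplified model of the two points raised in the replies above (another read ACL granting access, and the missing security_task condition), added here as an example; it is not part of any post in the thread and not ServiceNow's own code. The rule names, the caller ACL, and the sample users and records are assumptions, and the code is plain JavaScript that mimics how read rules combine, not a script to paste into an ACL.

```javascript
// Simplified model of table-level read ACL evaluation (not ServiceNow API code).
// One rule passes only when its role, condition and script checks all pass;
// access is granted when ANY active rule for the table and operation passes.
function rulePasses(rule, user, record) {
  const roleOk = !rule.roles.length || rule.roles.some(r => user.roles.includes(r));
  const conditionOk = rule.condition ? rule.condition(record) : true;
  const scriptOk = rule.script ? rule.script(user, record) : true;
  return roleOk && conditionOk && scriptOk;
}

// Names of the rules that grant access: the question to answer when debugging.
function grantingRules(rules, user, record) {
  return rules.filter(r => r.active && rulePasses(r, user, record)).map(r => r.name);
}

function canRead(rules, user, record) {
  return grantingRules(rules, user, record).length > 0;
}

// Constructed sample users and records.
const itilUser = { name: 'itil.agent', roles: ['itil'] };
const secUser = { name: 'sec.analyst', roles: ['u_it_security_user'] };
const requester = { name: 'requester', roles: [] };
const secIncident = { caller_id: 'requester', security_task: true };
const normalIncident = { caller_id: 'requester', security_task: false };

const notSecurity = rec => rec.security_task !== true;
const isCaller = (user, rec) => rec.caller_id === user.name;

// The new ACL: security incidents are readable only with u_it_security_user.
const securityAcl = { name: 'read: security', active: true,
  roles: ['u_it_security_user'], condition: rec => rec.security_task === true };

// Assumed pre-existing ACLs: itil role, and the caller of the incident.
const itilAcl = { name: 'read: itil', active: true, roles: ['itil'] };
const callerAcl = { name: 'read: caller', active: true, roles: [], script: isCaller };

// Before: the broad rules still match security incidents.
const before = [itilAcl, callerAcl, securityAcl];
// After: each broad rule carries a condition that excludes security incidents.
const after = [{ ...itilAcl, condition: notSecurity },
  { ...callerAcl, condition: notSecurity }, securityAcl];
```

Calling `grantingRules(before, itilUser, secIncident)` names the rule that lets an ITIL user in, which is the same question the Access Analyzer answers on a real instance.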