ACL

roomawakar
Tera Contributor

‎05-05-2025 04:15 AM

Hi All,

 

I have a request to make a field visible only if the user is having ITIL or admin role and if the class is cmdb_ci_appl, u_cmdb_ci_saas_application and cmdb_ci_service_discovered.

 

I have written an ACL to allow the read operation only if the class name is cmdb_ci_appl, u_cmdb_ci_saas_application and cmdb_ci_service_discovered and the roles are ITIL and admin, but this isn't working.

 

Can someone please help where I am doing wrong.

Screenshot attached.

 

Thanks,

Rooma

Preview file
91 KB
0 Helpfuls
  • 525 Views
9 REPLIES 9

Nilesh Pol
Tera Guru

‎05-05-2025 04:26 AM

@roomawakar 

please use OR between multiple class values instead of AND.

and inplace of the required roles, use script: (gs.hasRole('itil') || gs.hasRole('admin'))

and 

Go to: https://<instance>/<table_name>.do?sys_id=<record_id>&sysparm_acl_test=true for ACL debbuger.

0 Helpfuls

roomawakar
Tera Contributor
In response to Nilesh Pol

‎05-05-2025 05:42 AM

@Nilesh Pol It is not working. made the changes. I enabled the debugger as well. It is showing as allowed.

Preview file
67 KB
0 Helpfuls

J Siva
Tera Sage

‎05-05-2025 04:31 AM - edited ‎05-05-2025 04:32 AM

Hi @roomawakar 
Change the ACL type "Deny-Unless". Also check the "Admin Overrides" checkbox instead of adding admin role explicitly. Aslo in the filter conditon use OR operator

JSiva_0-1746444615076.png

Regards,
Siva

 

0 Helpfuls

roomawakar
Tera Contributor
In response to J Siva

‎05-05-2025 05:42 AM

@J Siva Isn't working. Made the changes and tested.

0 Helpfuls