
ACL

si21
Tera Guru

Hi experts,

We have the below ACLs for the read operation on the sys_user table.

sys_user with public role

sys_user.* with snc_internal role.

sys_user.name with snc_internal role.

sys_user.email with snc_internal role.

 

What should be the expected behaviour of these ACLs?

 

Would an snc_internal user (say Abel Tuter) see only the name and email fields? Or all the fields on the user table?

If I want Abel to read the company field also, should I create another read ACL like sys_user.company with snc_internal role?

 

TIA

1 REPLY

Chaitanya ILCR
Mega Patron

Hi @si21 ,

 

  • sys_user with public role: This ACL allows any user with the public role to read the entire sys_user table.
  • sys_user.* with snc_internal role: This ACL allows users with the snc_internal role to read all fields in the sys_user table except those which have field-level ACLs defined (like name and email in this case).
  • sys_user.name and sys_user.email with snc_internal role: This ACL allows users with the snc_internal role to read the name field in the sys_user table. (You don't need these, considering the role is not different from sys_user.*.)

 

Abel Tuter would be able to see all fields on the sys_user table because of the sys_user.* ACL, which grants access to all fields since he has snc_internal role.

You don't need to create another read ACL for sys_user.company with the snc_internal role, as the sys_user.* ACL already grants access to all fields, including company.

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya
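
The matching order described in this reply, as an added example that is not part of the original thread and is not ServiceNow code: a simplified model in which a field read needs the table-level ACL to pass and then the most specific field ACL, with sys_user.* used only when no sys_user.<field> rule exists. It assumes role-only ACLs (no conditions or scripts), no table inheritance, and that every session implicitly holds the public role; the function names and the hr_admin role are hypothetical.

```javascript
// Simplified model of read-ACL evaluation (added example, not ServiceNow code).
// Assumptions: role-only rules, no table inheritance, and every session
// implicitly holds the "public" role.

// The four read ACLs from the question.
const ACLS = [
  { name: "sys_user",       roles: ["public"] },
  { name: "sys_user.*",     roles: ["snc_internal"] },
  { name: "sys_user.name",  roles: ["snc_internal"] },
  { name: "sys_user.email", roles: ["snc_internal"] },
];

// Returns null when no ACL with this name exists, otherwise whether at
// least one ACL with that name is satisfied by the user's roles.
function evaluate(acls, name, userRoles) {
  const matching = acls.filter((a) => a.name === name);
  if (matching.length === 0) return null;
  const held = new Set([...userRoles, "public"]);
  return matching.some((a) => a.roles.length === 0 || a.roles.some((r) => held.has(r)));
}

// Field read = table-level ACL passes AND the most specific field ACL passes.
// table.field is consulted first; table.* is only the fallback.
function canReadField(acls, table, field, userRoles) {
  if (evaluate(acls, table, userRoles) !== true) {
    return { allowed: false, decidedBy: table };
  }
  for (const name of [`${table}.${field}`, `${table}.*`]) {
    const result = evaluate(acls, name, userRoles);
    if (result !== null) return { allowed: result, decidedBy: name };
  }
  // No field-level rule at all: the table-level result stands (model assumption).
  return { allowed: true, decidedBy: table };
}

function readableFields(acls, table, fields, userRoles) {
  return fields.filter((f) => canReadField(acls, table, f, userRoles).allowed);
}

// What-if (constructed): email restricted to a hypothetical role "hr_admin".
const TIGHTENED = ACLS.map((a) =>
  a.name === "sys_user.email" ? { ...a, roles: ["hr_admin"] } : a);

const abel = ["snc_internal"]; // Abel Tuter's role, as in the question
console.log(readableFields(ACLS, "sys_user", ["name", "email", "company"], abel));
console.log(readableFields(TIGHTENED, "sys_user", ["name", "email", "company"], abel));
```

In the tightened set the wildcard rule still covers company, but it no longer helps with email, because the field-specific rule is the one that decides.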