ACL

Mark Wood
Tera Contributor

Hello Team,

I am working on the following requirement:

I have achieved the desired functionality using a client script, but we need to implement an ACL for proper enforcement.

Requirement:
When the Incident State changes to "Resolved," all fields should become read-only, and the "Assignment Group" field should be hidden for all users except the Incident Manager.

Current Challenge:
As an ITIL user, I can still access the fields when the state is "Resolved," likely due to an out-of-the-box (OOTB) ACL. The goal is to ensure that when the state is "Resolved," all fields are read-only, and the "Assignment Group" field is hidden for all logged-in users except the Incident Manager.

How can we achieve this through ACL implementation without touching OOTB ACL?

1 ACCEPTED SOLUTION

Vishal Jaswal
Giga Sage

Hello @Mark Wood 

1. ACL --> To make all Resolved Incident fields read only

Navigate to All > System Security > Access Control (ACL) > Click New (table name: sys_security_acl) 

[screenshot]

[screenshot]



Validation Results:

itil user before: [screenshot]

itil user after ACL: [screenshot]

 

2. UI Policy --> Show Assignment group field for Resolved Incidents only to users with incident_manager role

[screenshot]

[screenshot]

NOTE: It is recommended for UI Policy Script to have both Execute if true and Execute if false 

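Execute if true:

function onCondition() {
    // Condition matched: hide Assignment group from users without the incident_manager role.
    if (!g_user.hasRole('incident_manager')) {
        g_form.setDisplay('assignment_group', false);
    }
}

Execute if false:

function onCondition() {
    // Condition not matched: display Assignment group for users with the incident_manager role.
    if (g_user.hasRole('incident_manager')) {
        g_form.setDisplay('assignment_group', true);
    }
}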


Hope that helps!


6 REPLIES

and the goal is to ensure that when the state is "Resolved," all fields are read-only.




Hope that helps!

@Vishal Jaswal 

All fields are OOB read-only when INC is resolved due to OOB Table.None ACL

These are the OOB ACLs

https://instanceName.service-now.com/sys_security_acl_list.do?sysparm_query=name%3Dincident%5Eoperation.nameSTARTSWITHwrite%5Eactive%3DTrue&sysparm_view=

 

The requirement was to hide that particular field based on State and Role

 

[screenshot]

 

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
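
The UI Policy in the accepted solution only changes what the form displays, so the state-and-role check has to run on the server for it to be enforced; the following is an added example, not code from any post in this thread, of that check written as the logic of a field-level read ACL, with stand-ins for `current` and `gs` so it runs outside an instance. Assumptions: the ACL would be named incident.assignment_group, "Resolved" is stored as state value 6, and mockRecord, mockSession and readableFields are hypothetical helpers.

```javascript
// Added example: runs in plain Node. In an instance, the body of
// canReadAssignmentGroup would sit in the Script field of a read ACL on
// incident.assignment_group and end with `answer = <result>;`.
var RESOLVED_STATE = '6'; // assumption: value of "Resolved" in the state choice list

function canReadAssignmentGroup(current, gs) {
    // Any state other than Resolved: this rule imposes no restriction.
    if (String(current.getValue('state')) !== RESOLVED_STATE) {
        return true;
    }
    // Resolved: only the Incident Manager role may read the field.
    return gs.hasRole('incident_manager');
}

// Constructed stand-ins for the platform objects `current` and `gs`.
function mockRecord(fields) {
    return {
        fields: fields,
        getValue: function (name) { return fields[name]; }
    };
}
function mockSession(roles) {
    return {
        // Server-side gs.hasRole() also returns true for admin users.
        hasRole: function (role) {
            return roles.indexOf(role) !== -1 || roles.indexOf('admin') !== -1;
        }
    };
}

// Simplified model of a server response: a field whose read rule fails is
// withheld, whatever the form's client-side UI Policy would have done.
function readableFields(record, gs) {
    var fieldRules = { assignment_group: canReadAssignmentGroup };
    var out = {};
    Object.keys(record.fields).forEach(function (name) {
        var rule = fieldRules[name];
        if (!rule || rule(record, gs)) {
            out[name] = record.fields[name];
        }
    });
    return out;
}

// Constructed sample data.
var resolved = mockRecord({ number: 'INC0000001', state: '6', assignment_group: 'Service Desk' });
var inProgress = mockRecord({ number: 'INC0000002', state: '2', assignment_group: 'Service Desk' });
console.log(readableFields(resolved, mockSession(['itil'])));
console.log(readableFields(resolved, mockSession(['itil', 'incident_manager'])));
```

In an instance the outcome also depends on any other read ACLs that match the same field, so confirm the result by impersonating an itil user and an incident_manager user.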