ACL

roomawakar
Tera Contributor

‎05-05-2025 04:15 AM

Hi All,

 

I have a request to make a field visible only if the user is having ITIL or admin role and if the class is cmdb_ci_appl, u_cmdb_ci_saas_application and cmdb_ci_service_discovered.

 

I have written an ACL to allow the read operation only if the class name is cmdb_ci_appl, u_cmdb_ci_saas_application and cmdb_ci_service_discovered and the roles are ITIL and admin, but this isn't working.

 

Can someone please help where I am doing wrong.

Screenshot attached.

 

Thanks,

Rooma

Preview file
91 KB
0 Helpfuls
  • 525 Views
9 REPLIES 9

J Siva
Tera Sage
In response to roomawakar

‎05-05-2025 05:58 AM

@roomawakar 

Since you are creating this acl directly in the cmdb_ci table, the child table acl might be overriding this.

So create "Deny unless" ACL on each ci class separately.

0 Helpfuls

roomawakar
Tera Contributor
In response to J Siva

‎05-05-2025 06:23 AM

@J Siva This one isn't working as well.

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

‎05-05-2025 04:42 AM

@roomawakar 

Is that a custom field?

Use OR instead of AND as you want to check either of those tables

Otherwise it's good.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

roomawakar
Tera Contributor
In response to Ankur Bawiskar

‎05-05-2025 05:43 AM

Hi Ankur, Yes it is a custom field. I made the changes as suggested but isn't working.

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to roomawakar

‎05-05-2025 06:27 AM

@roomawakar 

Did you check which ACL is blocking?

Did you check that using access analyzer?

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls