ACLs are acting differently on fields that are in a different scope than their table
2 hours ago
Hello,
Given the HR Lifecycle Event (sn_hr_le_case) table, I have applied 2 wildcard ACLs:
1. "sn_hr_le_case.*" with condition "HR Service is 123" that allows all fields only if the script returns true.
2. "sn_hr_le_case.*" with condition "HR Service is NOT 123", which is just the out-of-the-box wildcard one.
Then I added a few field ACLs with condition "HR Service is 123" and generically allow access for the snc_internal role, and they show as expected.
The problem is with custom fields that were created for the HR LCE Case table but with a different scope - "Agent Workspace for HR Case Management". Those ACLs just don't work, and they are shown as orange "Passed" when using Access Analyzer.
Has anyone experienced that?
43m ago
Please share those ACLs to see how they were configured.
Also, you posted the same question 3x; please avoid creating duplicate questions.
100 % GlideFather experience and 0 % generative AI
28m ago
Hi @Xarielah6351749 ,
This is a common issue and can be fixed using security attributes. Please find below the YouTube video to understand what exactly needs to be done here.
ServiceNow ACL Security Attributes : Fix Cross-Scope Permissions in 3 Clicks - YouTube
If this helped you, please mark this helpful and accepted.
Thanks,
Pankaj Kumar
4m ago
Well, that's great to hear that there is a solution for that!
But actually I'm using no condition besides that "HR Service = X", so I don't need (or do I?) a security attribute that'll run more conditions. It's the other way around: when all the fields are blocked with the wildcard ACL, I want only a few fields to be exposed.
