Allowing user to submit form without read access

mmujica · ‎01-24-2017

I have a table with a form to submit to it. I want users to be able to submit the form, but not see the list of records created in the table.

I did this by going to the table ACLs and setting Read and Delete to Admin role only. This does prevent the user from looiking at the list of records. But it also removes the fields from the form. So when I try to fill the form (impersonating a lower-permission user), there are no fields to fill. How can I prevent user from looking at the list, while allowing them to fill out the form?

Patrick Schult2 · ‎01-24-2017

This is kind of tricky to do without using a record producer. If you don't want to use a record producer, you need to configure your ACLs like this:

Your user needs to pass these ACLs:

1. table/read > use a scripted condition to only pass users on new records. Think of it like this - the user has to be able to read the record that they are creating...otherwise how would they know which fields are available?

answer = current.isNewRecord();

2. table/create > this lets the user see the Submit button

3. table.*/create OR table.field_name/create > you need to specify exactly which fields the user can write to when creating. You can do that by using a wildcard (user can write to any field when creating), or by defining ACLs for the individual fields.

You don't need to grant write access for this situation, you can safely restrict that to admin or whatever other condition you want.

I don't recommend doing it like this. it's complicated to set up and maintain. If you want users to only be able to create, and not read anything, don't grant them any access to the table, period, and make them use a record producer.

Create a record producer

The SN Nerd · ‎01-24-2017

Seconded; use a record producer.

Maps variable to the appropriate fields.

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022