Baseline public ACL on sys_user table?

Svetozar2022
Tera Expert

Hello,

I've noticed a public role on a table-level ACL on the User table, so I am wondering why it's public and if there are any serious consequences if the role is replaced with another one like snc_internal. Using this role, I've tested it and it seems that login is not hindered.

The script in that ACL is unusual as it prevents anybody from accessing the table unless the user is the same as the currently viewed user record, but anyway, why public and not some role that all internals or externals have?

3 REPLIES

Ankur Bawiskar
Tera Patron

@Svetozar2022 

Is that ACL an OOB one?

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Ankur Bawiskar
Tera Patron

@Svetozar2022 

I believe that ACL is to allow unauthenticated users to see users, possibly in some catalog form etc., if they want to submit any request.

There's already one for snc_internal, so no need to replace.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

This is an OOB ACL. The script part of the ACL is limiting it to the authenticated user with the same Sys ID as the record being read. In other words, if the user is the same as the user record, then it will let the public role user??? see the record.

It does not make sense to have the public role there, but as you say, it can be related to some catalog item variables with a reference field to the User table being seen by unauthenticated users, but the script part of that ACL limits that possibility greatly.