Can any explain the difference between ACL with tablename-none and ACL with tablename-*

mayanksinghrath · yesterday

Suppose I have a table with 40 columns I want to show the end user only 10 columns how to do that?

NagaChandaE · 4 hours ago

tablename.none ACL controls record-level access. It decides whether a user can see or access a record at all in a table. If this ACL fails, the user cannot view the record, and no field-level access will be evaluated.

tablename.* ACL controls field-level access for all fields in the table. It acts as a default rule to determine whether users can view or edit the fields inside a record. It is applied only after record access is granted and can be overridden by specific field ACLs.

If you want to show only 10 records (rows) to the end user,restrict record visibility using record-level ACL (tablename.none) based on specific conditions. This way, even if the table has many records, the user will only see the limited set that matches the defined criteria.

Ankur Bawiskar · 3 hours ago

@mayanksinghrath

Table.None -> Table level ACL

Table.* -> Applies to all fields on that table

Since you want end user to see only 10 columns then ensure you create 10 field level READ ACL and add relevant role etc or script

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Pavan Srivastav · 3 hours ago

1. Difference between ACL with tablename-none and ACL with tablename

ACL with tablename (e.g., incident):
This ACL applies to the entire table. Users must pass this table-level ACL to access any records in the table. If a user fails the table ACL, they cannot access any fields in the table.
ACL with tablename-none (e.g., incident.None):
This is not a standard ACL type. Typically, ACLs are defined as either table-level (e.g., incident) or field-level (e.g., incident.number). There is no "none" field; instead, ACLs are created for specific fields or for the table as a whole. The closest concept is a table ACL (tablename) versus a field ACL (tablename.fieldname) 1️⃣2️⃣.

2. How to show only specific columns to end users

Field-level ACLs:
To restrict which columns (fields) are visible to end users, create field-level ACLs for each field you want to control.
- If you want users to see only 10 out of 40 columns, ensure that field-level "read" ACLs exist for those 10 fields and that users have permission to pass them.
- For the remaining 30 fields, either do not create "read" ACLs for those fields for the user roles, or explicitly deny access.
Processing order:
- Users must pass both the table ACL and the field ACL to access a field.
- If a user passes the table ACL but fails a field ACL, they cannot see that field (column) 1️⃣2️⃣.
Additional controls:
- The "add_to_list" ACL operation can prevent users from viewing or personalizing specific columns in list views, but conditions and scripts are not supported for this operation 1️⃣2️⃣.
- ACLs can be configured with roles, conditions, or scripts to fine-tune access 3️⃣.

Summary Table:

| ACL Type | Applies To | Use Case | |-------------------------|-------------------|------------------------------------------------| | Table ACL (tablename) | Whole table | Controls access to any record in the table | | Field ACL (tablename.fieldname) | Specific field | Controls access to a specific column/field |

To show only specific columns, configure "read" field ACLs for those columns and ensure users do not have access to the others 3️⃣1️⃣2️⃣.

https://www.servicenow.com/docs/r/yokohama/platform-security/access-control/acl-rule-types.html

https://www.servicenow.com/docs/r/zurich/application-development/servicenow-sdk/acl-api-now-ts.html#...