Create ACL blocking New button in related list
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2019 11:56 AM
I have 2 create ACL's on our core_company table one that only allows users with our accounting role to create records where the parent field is empty. The other ACL has two different roles and says parent is NOT empty. I'm trying to limit new parent company creation to just one group, while other groups can create new child sites.
We have a related list on our company form that show records where parent = that current record. A new button appears at the top of the related list for all users who satisfy the roles of the child only create ACL. However if the same user goes to the company table list view there is no New button. When impersonating one of these users if I click the New button on the related list the page reloads with an info message action not authorized. Using the security debugger I see that the roles required for the ACL are met but the conditions evaluate to false.
If I create a new module to insert a new record with the parent field defined in the conditions it works fine. It seems like on the related list the ACL is half working. Why would the New button even be displayed?
Any advice is greatly appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2019 07:26 PM
Should be specifications to govern which role can do new/edit/etc for each operation from List Control
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2019 08:07 PM
ACL's only need one rule to pass to grant access to the user.
Alas, you can't really make an ACL to 'block' access entirely.
Create ACL's are particularly tricky, as if there exists one circumstance where they can, the New button will show everywhere, even if the form is impossible to submit due to other constraints.
One option would be to do as Rober has suggested, but will only apply to that instance of the list.
ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2019 05:50 AM
Thanks for the replies! Ended up just omitting the New button and creating a UI action to bring users to the new record with write ACLs on the parent field for the correct roles.
