Create an ACL to filter the Change Request list so that records are visible based on the Change Type

abigailtaba · ‎04-08-2025

Hello,

I’ve created an ACL on the Change Request table to control record visibility based on the Change Type.

For example:
I created a new role called "normalrole". I want only users with this role to be able to see records of type "Normal change". Other ITIL users should still be able to see all other types of changes—just not the normal ones, unless they have this specific role.

Currently, my ACL is:

Type: Read

Table: Change Request

Role: normalrole

Condition: Type is NOT "Normal change"

But this doesn’t seem to be working as expected.

Any suggestions.

Shivalika · ‎04-08-2025

Hello @abigailtaba

Update the "Type to - Deny Unless" .

Applied records to "Type is normal"

And role as "normal role"

So this will deny access to all the users to normal change request unless they don't have this particular normal role.

I hope this answers your queries.

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY

Robert H · ‎04-08-2025

Hello @abigailtaba ,

The Change Request table has multiple read ACLs by default. The user will be granted read access if they pass at least one of them. That is why creating an additional ACL will not give you the expected results: the users who don't have the "normal role" are still passing some of the other ACLs.

If you are on Washington DC or earlier releases you would have no choice but to modify all the other ACLs.

But if you are on Xanadu or later there is a new field on ACLs called "Decision type". If you create your ACL with "Deny unless" selected here it will be evaluated first, and if the user does not pass this ACL then the existing ACLs will not be evaluated and read access will be denied.

Regards,

Robert

Shivalika · ‎04-08-2025

Isn't that what you want @abigailtaba to show normal records to only "normal role" users.

I have already added a condition that it will only apply to change request that have type normal. So it certainly won't affect other types - all the users will still be able to see other types as mentioned.

And if there are some user groups which you want should see - then grant that role in the group itself for normal change request types.

That's what I understood from the question, that you wanted it for all normal change request types for this particular role and no other role.

Kindly mark my answer as helpful and accept solution if it helped you in anyway. This will help me be recognized for the efforts and also move this questions from unsolved to solved bucket.

Regards,

Shivalika

My LinkedIn - https://www.linkedin.com/in/shivalika-gupta-540346194

My youtube - https://youtube.com/playlist?list=PLsHuNzTdkE5Cn4PyS7HdV0Vg8JsfdgQlA&si=0WynLcOwNeEISQCY