- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-02-2015 02:17 PM
I'm currently building a custom angular app inside a UI Page in a Service-Now instance that will be used for non-licensed users. I want to have a metrics table that collects data from the app via a REST call.
The challenge I have is I want to restrict read access to the table to only admins, but I want anyone (even users without a license) to be able to create a record.
But it looks like the read condition on an ACL needs to be set to true before a user can write to that field even if they have create/write access. I've tried creating a custom ACL condition that checks to see if isValidRecord() is true or if the necessary fields are empty to give read access. This seems to work inside Service-Now but still fails on a rest call. So what happens is REST call creates an empty record and ignores the data for the fields.
Any suggestions on how I can create an ACL condition that allows a user to submit to the table via REST but restricts viewing submitted records on the table?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-02-2015 03:08 PM
Hi Zach,
I don't think you can insert into a table without a read record. Maybe you could create an ACL with some script using current.isNewRecord(). I haven't tried it though, so I'm not sure it will work for you.
http://wiki.servicenow.com/index.php?title=GlideRecord#isNewRecord&gsc.tab=0
I have a question myself, how are you dealing with the rest api for users without a role. Since the rest api requires a role to be used. Aren't users with a role considered a licensed user? I'm assuming you're doing the rest calls from the context of the logged in user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-02-2015 03:08 PM
Hi Zach,
I don't think you can insert into a table without a read record. Maybe you could create an ACL with some script using current.isNewRecord(). I haven't tried it though, so I'm not sure it will work for you.
http://wiki.servicenow.com/index.php?title=GlideRecord#isNewRecord&gsc.tab=0
I have a question myself, how are you dealing with the rest api for users without a role. Since the rest api requires a role to be used. Aren't users with a role considered a licensed user? I'm assuming you're doing the rest calls from the context of the logged in user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-03-2015 07:07 AM
You'd want to check with your SN Rep to see if using the rest role requires a license. If you're using REST to mimic IT-side behavior I would imagine it's a license cost, but if you're reproducing something like a record producer or functionality that already exists without a license you may be able to allow rest-role to users for that purpose. It really depends on who does your licensing true up and how you're intending to utilize the rest calls.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-02-2015 11:34 PM
Would the following work:
a) ACL at the table level for Create is open for all
b) ACL at the table level for Read is open for all
c) ACL at the table level for Write is open for all
d) ACL at the table.* and any table.field_name for Read access is restricted only for Admins
e) ACL at the table.* for Write access is open for all
Thanks,
Berny
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-03-2015 12:36 AM
I had the exact issue of empty row creation for a different table using rest call. I added the ACL's as suggested by Berny Alvarado and added to rest_service role to the user profile and got it working.
