creating an ACL

Anna_Servicenow
Tera Guru

I have a scoped application, financial request, where a user needs read-only access. The user needs write access to additional comments and work notes. For this I created a role (global scope) and then I created a write ACL (scoped), added below for additional comments. And in roles I added my newly created role (snc_internal got auto-populated). I added the role to the user's profile.

Still, when I impersonate the user and check, he cannot see or update the additional comment. What is wrong here?

 

 

Anna_Servicenow_0-1721735477360.png

 

3 REPLIES

Nicholas_Gann
Mega Guru

You don't go into detail around what ACLs you created other than the one in the screenshot. You stated a user base only had read-only access to tickets prior to attempting this change, which I'm assuming was done by a record level write ACL. To allow this user base access to work notes at the very minimum it would need:

- A record level write ACL for the new role

- A field level write ACL for work notes

- A field level write ACL for comments

- A field level * write ACL to re-lock down the other fields you just granted access to when the record level write ACL was created

 

Are all these ACLs in place? If so, it would be worth turning on Security Debugging and impersonating the user you're trying to get it to work with and navigate to a record. You should see an entry for record/[table name].work_notes/write at the bottom of the record view, similar to the image below. If there is a red cross in the top left corner, then the ACLs are failing. If this tick is green, then the inability to write is likely being caused by something client-side, such as a UI Policy or Client Script.

 

Nicholas_Gann_0-1721736248100.png
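The four-ACL layering listed in the reply above, as an added example that is not part of the original post and is not ServiceNow's own code: a simplified JavaScript model of write evaluation showing what each ACL contributes. The table name `x_fin_request`, the roles `x_fin_commenter` and `x_fin_editor`, and the fields other than `work_notes` and `comments` are hypothetical, and the model assumes role-only ACLs with deny-by-default when no table-level ACL matches.

```javascript
// Simplified model (added example) of layered ACL checks for the write operation.
// Assumptions: names below are hypothetical; an ACL passes when the user holds
// one of its roles; no conditions or scripts are modelled.
const TABLE = 'x_fin_request';
const FIELDS = ['short_description', 'state', 'work_notes', 'comments'];
const BOTH = ['x_fin_commenter', 'x_fin_editor'];

const FULL_SET = [
  { name: TABLE, roles: ['x_fin_editor'] },        // existing record-level write
  { name: TABLE, roles: ['x_fin_commenter'] },     // record-level write for the new role
  { name: `${TABLE}.work_notes`, roles: BOTH },    // field-level write: work notes
  { name: `${TABLE}.comments`, roles: BOTH },      // field-level write: comments
  { name: `${TABLE}.*`, roles: ['x_fin_editor'] }, // field-level * write: re-lock the rest
];

// null = no ACL with that name; otherwise true if any same-named ACL passes.
function evaluate(acls, name, userRoles) {
  const matching = acls.filter((a) => a.name === name);
  if (matching.length === 0) return null;
  return matching.some((a) => a.roles.some((r) => userRoles.includes(r)));
}

function canWriteField(acls, field, userRoles) {
  // The record-level ACL must pass before any field-level ACL can help.
  if (evaluate(acls, TABLE, userRoles) !== true) return false;
  // The most specific field-level ACL decides: table.field, then table.*
  for (const name of [`${TABLE}.${field}`, `${TABLE}.*`]) {
    const result = evaluate(acls, name, userRoles);
    if (result !== null) return result;
  }
  return true; // no field-level ACL: the record-level result stands
}

function writableFields(acls, userRoles) {
  return FIELDS.filter((f) => canWriteField(acls, f, userRoles));
}

// Constructed scenarios: field ACLs only (no record-level ACL for the new role),
// and the full set minus the field-level * lock.
const FIELD_ONLY = FULL_SET.filter(
  (a) => !(a.name === TABLE && a.roles.includes('x_fin_commenter')));
const NO_LOCK = FULL_SET.filter((a) => a.name !== `${TABLE}.*`);

console.log('full set  :', writableFields(FULL_SET, ['x_fin_commenter']));
console.log('field only:', writableFields(FIELD_ONLY, ['x_fin_commenter']));
console.log('no * lock :', writableFields(NO_LOCK, ['x_fin_commenter']));
```

In this model the field-only scenario leaves nothing writable for the new role, and dropping the `*` lock makes every field writable.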

 

@Nicholas_Gann: Sorry, this is my expectation. I would need to create a group with a role that provides read-only access to the record in this scoped application, but the user should be able to read and write additional comments and work notes. How can I achieve this?

@Anna_Servicenow Can you check if there is a write ACL for table-level access?

If not then please create the following ACL and see if the additional comments become editable.

 

Anna_Servicenow_0-1721735477360.png