Did you know that ACL scripts are running even when the advanced flag is set to false?!?!?!!!!

Zod
Giga Guru

After getting trapped by an ACL that did something I was not expecting ... I found out that the script in the ACL was executed even with the advanced flag set to false.

As this is a true/false field and not a UI action to show/not show the script, this is absolutely not what I expected and none of my peers knew this.

Also, ServiceNow Support was obviously not aware of it ....

Development Statement:

"..., the developer has confirmed that this is an expected behavior. The Advanced checkbox just controls the visibility of the script field. At the time of ACL execution, we check the script field. If it is populated, we will execute it as part of the ACL evaluation.

utely"

From my point of view this is critical ... especially as we are talking about ACLs! And for sure not consistent ... and somehow ServiceNow more and more starts to look like cobbled solutions like Martix or HP ...

Not a good development from my point of view ;-(
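An added example, not part of the original post and not ServiceNow's own code: a Node.js check over exported ACL rows that flags records where Advanced is false but the script field is populated, which is the case the development statement says is still executed. The field names (`name`, `operation`, `advanced`, `script`) are assumptions about the export, and the sample rows are constructed.

```javascript
// Added audit example. Field names (name, operation, advanced, script)
// are assumptions about an ACL table export; all rows below are constructed.

// Remove // and /* */ comments, leaving quoted string literals untouched.
// Heuristic only: regex and template literals are not parsed.
function stripComments(src) {
  let out = '', i = 0;
  while (i < src.length) {
    const c = src[i], next = src[i + 1];
    if (c === '"' || c === "'") {
      const start = i++;
      while (i < src.length && src[i] !== c) i += src[i] === '\\' ? 2 : 1;
      out += src.slice(start, ++i);
    } else if (c === '/' && next === '/') {
      while (i < src.length && src[i] !== '\n') i++;
    } else if (c === '/' && next === '*') {
      const end = src.indexOf('*/', i + 2);
      i = end === -1 ? src.length : end + 2;
    } else {
      out += c;
      i++;
    }
  }
  return out;
}

// Exports may carry booleans as true/false or as the strings "true"/"false".
const isTrue = (v) => v === true || v === 'true';
// Flag ACLs whose script field is populated while Advanced is unchecked.
function auditAcls(rows) {
  return rows
    .filter((r) => !isTrue(r.advanced) && String(r.script || '').trim() !== '')
    .map((r) => ({
      name: r.name,
      operation: r.operation,
      // 'code': statements remain once comments are stripped.
      finding: stripComments(r.script).trim() ? 'code' : 'comments-only',
    }));
}

const sampleRows = [
  { name: 'incident.number', operation: 'write', advanced: 'false',
    script: "answer = gs.hasRole('itil'); // hidden but populated" },
  { name: 'incident.*', operation: 'read', advanced: 'false', script: '// answer = false;\n/* old rule */' },
  { name: 'task.*', operation: 'read', advanced: 'true', script: 'answer = true;' },
  { name: 'task.state', operation: 'write', advanced: 'false', script: '' },
];

console.log(auditAcls(sampleRows));
```

Rows reported as `code` are the ones to review first, since the script is hidden in the form but still holds statements.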

17 REPLIES

I appreciate the warning, and I'm sorry you had to deal with the notification mess. (And I'd better clean up my bits of commented-out code from here and there before they cost someone else valuable time.)

But knowing commented-out script can execute scares me. That's a pretty basic and broadly-used coding convention. I didn't even know it was possible before now.


It seems like sometimes comments are respected, as in

//Type appropriate comment here, and begin script below


or, thankfully,

// xyz.update();         or          // email.save();


If I'm going to run a script in prod (after testing thoroughly in dev and test), I usually run a 'dry run' in prod to check the count of records to be updated or emails to be sent before I uncomment the update() or save() line. I don't like thinking I can't count on that.

Comments are also helpful when debugging.

And (one more whine) I don't know why the - very handy - comment toggle is in the script editor if commented-out script is evaluated the same way uncommented script is.

This news is confusing and a little nervous-making. Which does make me even more grateful for the warning, so thank you!

Let me clarify what I mean...commented out script, the actual actions and functions commented out do not run...

But the concept of "code" being there is run, even if it's commented out.

So yeah:

//this here is commented out

that alone, being in the field I mentioned (in notification condition script) is enough to count as "script there" in the context that it must equal true for the notification to send. So it's not "ignored" fully...but is ignored as far as the script commented out being executed.

Take care! 🙂


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

I think I see now. So it's evaluated but not executed? (I was using those words interchangeably, and I shouldn't have.)

I can live with that. If I could give you 2 'helpfuls' for that, I would.

And thanks - you take care too! 🙂