Does UI Policy override ACL?

Community Alums · ‎05-06-2019

I've a custom field on change_request form and have restricted it to be read only when state is greater than authorize. I've a write ACL to make is editable only for users with role CAB manager. When I login as CAB manager, the field is still read only. Anything I am missing here?

ggg · ‎05-06-2019

I did get this to work on my custom table.

I have 2 acls, one WRITE with * and one WRITE with custom_field selected.

write with * write with custom_field

abel tuter yes no

aileen mottern yes yes

and

i have ui policy

if my category field = a then my custom_field is readonly

this configuration works ...

sachin_namjoshi · ‎05-06-2019

Your ACL should work.Can you share screenshot for your ACL configuration?

Are you impersonating as CAB manager while testing your ACL?

Also, turn on debug security rules to find out which ACL is allowing access for CAB manager.

Regards,

Sachin

Community Alums · ‎05-06-2019

Hi Sachin,

Yes, I am impersonating as CAB manager. When field watch that custom field I can see that UI policy is making it read-only even though I've ACL for that particular field to make it editable.

ggg · ‎05-06-2019

i successfully accomplished your requirement.

i gave abraham lincoln the sn_change_cab.cab_manager role and did NOT give it to abel tuter. (they are my test users).

I created an acl on change_request: WRITE with custom_field selected.

write with custom_field ACL

abel tuter no

abraham lincoln yes

and

i have ui policy

if state is one of ( scheduled, implement, review ...) then my custom field is readonly.

result:

field is readonly to abel tuter always and editable to lincoln in the states before scheduled.

Community Alums · ‎05-06-2019

Hi ggg,

My requirement is to make CAB manager edit the custom field in all states and not editable for other ITIL users in particular state.