Enable non-itil user edit field in sys_user

‎09-06-2017 07:21 AM
I need to enable editing of two specific fields in sys_user for Joe User, who is not an itil user. I've taken the following actions:
- Disabled the ACL for sys_user write operation
- Validated ACL for sys_user* write operation is enabled
- Added an ACL for sys_user.field1 read operation with role 'public'
- Added an ACL for sys_user.field1 write operation with role 'public'
All to no avail. Additional info: the write is being done with a GlideRecord call from a client script. Not ideal, but it mimics prior behavior where code was doing the same update to another table (fields are being moved to sys_user). Any ideas?
- Labels: Scripting and Coding
‎09-06-2017 06:00 PM
Hi Bill,
I endorsed Michael's answer about the out-of-box write ACL on sys_user so a person can modify their own profile (which is really a special view/form of the sys_user record).
The trick with read or write ACLs is that you need two to evaluate to true in order to have access to a field:
a. You must have a record-level ACL evaluate to true.
b. You must also have field-level ACL evaluate to true.
What you find in an out-of-box system is a set of three ACLs if you are trying to enable write on only a specific field. Using your sys_user.field1 as an example, there are three write ACLs:
1. sys_user write <-- record-level write access
   - script shown above: if (gs.getUserID() == current.sys_id || gs.getUser().hasRoles()) answer = true; else answer = false;
2. sys_user.* write <-- field-level write access, and you want it to have the script answer=false;
   - the first ACL allows you to write the record, this ACL protects all the fields in the record.
3. sys_user.field1 write <-- field-level write access to your custom field, to permit writing to it.
   - you can use the same script as #1, or simply answer = true; this opens it up to any authenticated user.
Ed Wajs
ServiceNow Technical Support
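
The three write ACLs described in the answer above, modelled as an added JavaScript example that is not part of the original thread and is not ServiceNow's ACL engine. `canWrite`, the `writeAcls` map and the sample users are hypothetical; the model assumes a field-specific ACL is used in preference to `sys_user.*` and that a missing record-level ACL means deny.

```javascript
// Simplified model of the write-ACL set from the answer (constructed example).
// Each ACL "script" receives a context and returns what `answer` would be.

// Mirrors: gs.getUserID() == current.sys_id || gs.getUser().hasRoles()
const ownRecordOrAnyRole = ({ user, current }) =>
  user.sys_id === current.sys_id || user.roles.length > 0;

const writeAcls = {
  'sys_user': ownRecordOrAnyRole, // 1. record-level write
  'sys_user.*': () => false,      // 2. field-level wildcard: protect all fields
  'sys_user.field1': () => true,  // 3. field-level: open the custom field
};

// Writing a field requires BOTH the record-level ACL and a field-level ACL
// to evaluate to true.
// Assumptions of this model: table.field wins over table.*, and a table
// with no record-level ACL is denied.
function canWrite(acls, table, field, ctx) {
  const recordAcl = acls[table];
  if (!recordAcl || !recordAcl(ctx)) return false;
  const fieldAcl = acls[`${table}.${field}`] || acls[`${table}.*`];
  return fieldAcl ? fieldAcl(ctx) : true; // no field ACL: record ACL decides
}

// Constructed sample users and records.
const joe = { sys_id: 'joe', roles: [] };        // no roles (non-itil)
const agent = { sys_id: 'agent', roles: ['itil'] };
const joeRecord = { sys_id: 'joe' };
const otherRecord = { sys_id: 'other' };

function demo() {
  const check = (user, current, field) =>
    canWrite(writeAcls, 'sys_user', field, { user, current });
  return {
    joeOwnField1: check(joe, joeRecord, 'field1'),       // record ok, field ok
    joeOwnEmail: check(joe, joeRecord, 'email'),         // blocked by sys_user.*
    joeOtherField1: check(joe, otherRecord, 'field1'),   // record-level fails
    agentOtherField1: check(agent, otherRecord, 'field1'),
    agentOtherEmail: check(agent, otherRecord, 'email'), // sys_user.* is false for all
  };
}

console.log(demo());
```

In this model the open `sys_user.field1` ACL does not widen access on its own: Joe still cannot write `field1` on another user's record, because the record-level script fails first.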

‎09-14-2017 06:02 AM
I appreciate all the replies and the insights given. In my case it was simply a matter of removing the 'improvements' I'd made to the ACL and reverting everything back to the default settings.