Field level ACLs creation options

EshikaAgrawal
ServiceNow Employee

I have field-level ACLs defined on a table, and I noticed entries like tablename.* exist for read and write operations. Initially, I used GlideRecordSecure in my script to rely on built-in ACL enforcement.

 

However, I observed that GlideRecordSecure can result in unexpected behavior during operations like insert() or update() — for example, if the user lacks access to some fields, only a partial insert may happen (i.e., some fields are saved while others are silently skipped). This is not desirable, as it leads to inconsistent data.

To ensure strict enforcement of field-level permissions, it's better to explicitly validate field access and throw an error if the user doesn't have permission to access any of the required fields — instead of proceeding with incomplete data.

 

While we can use isValidField() to check field access or gr.getElement(fieldname).canRead(), calling it for each field individually becomes tedious. Even if we centralize this in a helper method and pass a list of field names, we still have to maintain that list for all usage points, which is error-prone and difficult to scale.

 

Any other way to handle this?


Ankur Bawiskar
Tera Patron

@EshikaAgrawal 

First of all, there is no built-in mechanism to handle this, and you will have to handle it at each field level.

No other way, I believe, but to use a utility method which can be reused:

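// Returns true only if the current user can write every field in fieldNames.
function checkFieldWriteAccess(gr, fieldNames) {
    for (var i = 0; i < fieldNames.length; i++) {
        var field = fieldNames[i];
        // getElement() has nothing to return for a field that is not on the
        // table, so treat an unknown field as not writable.
        if (!gr.isValidField(field) || !gr.getElement(field).canWrite()) {
            return false; // or throw error
        }
    }
    return true;
}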

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

 Even if we centralize this in a helper method and pass a list of field names, we still have to maintain that list for all usage points, which is error-prone and difficult to scale. ==> Yes, I also thought of this, but the problem is that the field names need to be passed every time from all the methods that use the table, so I am looking for something which can handle this without making the task tedious and degrading performance.

@EshikaAgrawal 

Yes, that's correct.

That's the only way, I believe.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
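
Added example, not part of any reply in this thread and not ServiceNow's own code: one way to avoid maintaining a field list at every call site is to derive it from the record itself, checking each changed element before the write and refusing the whole operation if any is blocked, so no partial save can occur. It assumes the scoped GlideRecord API, where getElements() returns an array of GlideElement objects, and that changes() reports the fields the script has set; `findBlockedFields`, `assertWritable` and `makeStubRecord` are hypothetical names, and the stub record is constructed so the logic runs outside an instance.

```javascript
// Added example. On an instance, `gr` would be a GlideRecord; the stub below
// is a constructed stand-in exposing only the methods the check relies on.

// Names of fields that were changed on the record but that the current user
// may not write. Uses getElements(), changes(), canWrite() and getName().
function findBlockedFields(gr) {
    var blocked = [];
    var elements = gr.getElements(); // assumption: array (scoped API)
    for (var i = 0; i < elements.length; i++) {
        var el = elements[i];
        if (el.changes() && !el.canWrite()) {
            blocked.push(el.getName());
        }
    }
    return blocked;
}

// Fail closed: call this before insert()/update() so the write is rejected
// as a whole instead of silently dropping the blocked fields.
function assertWritable(gr) {
    var blocked = findBlockedFields(gr);
    if (blocked.length > 0) {
        throw new Error('Write denied by ACL on: ' + blocked.join(', '));
    }
    return true;
}

// Constructed stub: `fields` maps a field name to { changed, writable }.
function makeStubRecord(fields) {
    return {
        getElements: function () {
            return Object.keys(fields).map(function (name) {
                return {
                    getName: function () { return name; },
                    changes: function () { return fields[name].changed; },
                    canWrite: function () { return fields[name].writable; }
                };
            });
        }
    };
}

// Constructed sample: one changed field is blocked, one untouched field is
// also unwritable but must not trigger a failure.
var sampleRecord = makeStubRecord({
    short_description: { changed: true, writable: true },
    assigned_to: { changed: true, writable: false },
    priority: { changed: false, writable: false }
});
```

For inserts, the create ACL may be the relevant one; GlideElement also exposes canCreate(), which can replace canWrite() in the same loop.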

Okay, 1 more thing: using GlideRecordSecure, does the id field's value always get returned, no matter whether it respects the ACL or not? I have observed this for a few tables.