Grant Access to a Field Without Affecting Inherited ACL

Go to solution
cfraser
Tera Contributor

‎01-28-2025 08:40 AM

Hello,

 

I have a requirement that is to allow users in a particular group to edit the "Planned end date" field in the "rm_story" table. The problem is that there already exists an ACL called "planned_task.end_date" that already controls this field because the Stories table inherits it. If I add the write ACL for the rm_story table that checks if the user is in a group, it overrides the "planned_task.end_date" ACL and this ACL becomes is useless. Which means anyone who isn't in the group that would have otherwise had access no longer has access.

 

The "planned_task.end_date" contains role checks and a script which I would like to keep. I tried adding it into the script section, but I do not think it was working properly.

 

What is the best way to go about this?

Preview file
27 KB
0 Helpfuls
  • 668 Views
1 ACCEPTED SOLUTION

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎01-28-2025 06:25 PM

@cfraser Since your situation demands adding a new field level ACL on rm_story table, I recommend creating it as a replica of planned_task.end_date ACL. Except table(rm_story), everything else will remain same and you can check your additional conditions in this new ACL.

View solution in original post

4 REPLIES 4

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron

‎01-28-2025 06:25 PM

@cfraser Since your situation demands adding a new field level ACL on rm_story table, I recommend creating it as a replica of planned_task.end_date ACL. Except table(rm_story), everything else will remain same and you can check your additional conditions in this new ACL.

Go to solution
Sandeep Rajput
Tera Patron
Tera Patron
In response to Sandeep Rajput

‎01-29-2025 06:46 AM

@cfraser Please mark the response an accepted solution if it addressed your question.

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎01-28-2025 07:56 PM

@cfraser 

the earlier ACL is from the parent table and when you create a field level ACL for your table this one will take the precedence.

If you wish to keep both the logic then ensure you create a new field level ACL on rm_story and include logic from the parent one or discuss with your customer if they are ok to have it as per new requirement.

Most of the times we create the child table ACLs to cater to the new requirement.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Ankur Bawiskar

‎01-29-2025 07:02 AM

@cfraser 

Thank you for marking my response as helpful.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls