How can I run my configure ACL First to hide some record based on a variable value?

Chandra18
Mega Sage

yesterday - last edited yesterday

Hi Team,

 

I have a custom table x_custom_table that contains a field related_table (field type = Table).

This field references different tables such as x_gisr, x_ara, etc.

 

Requirement:

I want to hide all records from the list and form view where related_table = x_gisr,

for all users (including admin) if user not having x_security (Custom role) but another record should be able to see where related_table != (is not) x_gisr ,in other word... only user having x_security role can see the records where related_table = x_gisr. 

I have write some read ACL with taking that role in role section and data condition but not working.
I have  check "Show ACL Execution Plan" (feature : Related link on ACL) , it is showing some ACL run before current (My ACL) but I have deactivated all it is not working still.

How can I write the ACL please Guide.

Thank You in advance!!!





0 Helpfuls
  • 377 Views
9 REPLIES 9

J Siva
Kilo Patron
Kilo Patron

yesterday

Hi @Chandra18 
You should create "Deny Unless" type "Read" operation , "table" level ACL to meet your requirement.
Sample..

JSiva_0-1761557624463.png

Regards,
Siva

 

0 Helpfuls

Chandra18
Mega Sage
In response to J Siva

yesterday

@J Siva Still not working 

 

0 Helpfuls

Mark Manders
Mega Patron
In response to Chandra18

yesterday

Without sharing what you did, a 'still not working' doesn't tell us why it doesn't work. Deny unless ACLs run first, so if you have those on your fields, they should work.

BUT: to run, the user must have the ability to see those tables. Because the verification is done as the user. So if they don't have access to any of the conditions in the ACL, the ACL can't be evaluated.
Check the access analyzer as well to see what is and what isn't evaluated. And if you completely want to hide them, use Ankur's solution of a query BR.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

yesterday

@Chandra18 

let ACL show everything.

you can create a query business rule on your table for this

Condition: gs.getSession().isInteractive()

Script:

(function executeRule(current, previous /*null when async*/ ) {

    // Add your code here
    if (!gs.hasRole('x_securityRole'))
        current.addQuery('related_table', '!=', 'x_gisr'); // give correct values

})(current, previous);

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls