How to apply read ACLs to specific fields in Incident table

YenGar
Mega Sage

Hello all, 

Is there a way to restrict incident task visibility for end users (non-roled users) so that they can only read certain fields (caller, description, short description, etc.)? I am trying to add ACLs to only allow them to view specific fields for any records they search, but it seems that it needs the Incident.NONE ACL as well, which, to my understanding, allows them to see everything in the table, including the rest of the fields in a record. Is that correct? What can I do to allow end users to view any record but only some fields in that record?

Thank you!

Yen

1 ACCEPTED SOLUTION

OlaN
Giga Sage

Hi,

Incident.NONE gives access to read at table level. It is required before evaluating if a user should be granted rights to read specific fields on the table.

After the table level ACL has been passed, it starts evaluating the field level ACLs.
You can set read rights on field level by creating a field-specific ACL like this: Incident.contact_type
And in the ACL define which roles should be required (such as itil) to be granted the right to read that field.

You can read more about how ACLs work on the Developer site.


3 REPLIES

Bert_c1
Kilo Patron

Please see:

ACL rule types (servicenow.com)

Field-level ACLs should work. It seems some thought will be needed for what your requirement is. And like many requirements, there may be other means available (Business Rules, Data Policies, etc.).


Thank you, OlaN,

This was my understanding as well. I tried the following: 

Created the table level ACL for read access (incident.none) with no roles which is supposed to open up the table records to all users.

Created a field level ACL for read access (incident.*) with no roles which is supposed to allow end users to read the fields in an incident record.

Created field-specific ACLs for read access for users who are not the creators of the incident and do not have any roles (advanced condition).

Going through it, I realized my issue. The field-level ACL (incident.*) needs to contain the conditions where the opened by or caller is the user trying to view the incident, and then apply the specific field ACL with the conditions where the opened by or caller is not the user trying to view the incident. Then, the field-specific ACLs applied correctly.

Thank you so much for your help, it helped me figure out my problem!

Yen
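As an added illustration (not code from the thread or from ServiceNow) of how the table-level, wildcard and field-specific read ACLs discussed above layer to give end users only some fields, here is a small Node.js model. It assumes ServiceNow's most-specific-first evaluation order (table rule must pass, then the most specific field-level rule that exists decides); the rule names, roles, record and users are constructed for the example, and the field-specific rules are left open so that owners and non-owners alike pass them.

```javascript
// Added example, not from the thread or ServiceNow: a small model of how read
// ACLs layer. Rule names and the condition style (current, userId) mimic
// ServiceNow; the evaluation order below is an assumption: the table rule
// must pass, then the most specific field-level rule that exists decides.
const isOwner = (current, userId) =>
  current.opened_by === userId || current.caller_id === userId;

const acls = [
  // Table level: every user may read incident records.
  { name: 'incident.NONE', roles: [], cond: () => true },
  // Wildcard: the remaining fields are readable by the caller/opener, or by itil.
  { name: 'incident.*', roles: [], cond: isOwner },
  { name: 'incident.*', roles: ['itil'], cond: () => true },
  // Field-specific rules with no role and no condition: visible to all readers.
  { name: 'incident.short_description', roles: [], cond: () => true },
  { name: 'incident.description', roles: [], cond: () => true },
  { name: 'incident.caller_id', roles: [], cond: () => true },
  // Field-specific rule that locks a field to a role regardless of ownership.
  { name: 'incident.work_notes', roles: ['itil'], cond: () => true },
];

// A rule passes when the user holds one required role (if any) and the condition holds.
function passes(rule, record, user) {
  const roleOk = rule.roles.length === 0 || rule.roles.some(r => user.roles.includes(r));
  return roleOk && rule.cond(record, user.id);
}

function canReadField(record, field, user) {
  const tableRules = acls.filter(r => r.name === 'incident.NONE');
  if (!tableRules.some(r => passes(r, record, user))) return false;
  // Most specific level wins; once a level has rules, passing any one of them grants access.
  for (const level of [`incident.${field}`, 'incident.*']) {
    const rules = acls.filter(r => r.name === level);
    if (rules.length > 0) return rules.some(r => passes(r, record, user));
  }
  return false;
}

function visibleFields(record, user) {
  return Object.keys(record).filter(f => canReadField(record, f, user));
}

// Constructed sample record and users.
const incident = { short_description: 'VPN down', description: 'Cannot connect',
  caller_id: 'u1', opened_by: 'u1', state: 2, work_notes: 'internal note' };
const caller = { id: 'u1', roles: [] };
const otherEndUser = { id: 'u2', roles: [] };
const fulfiller = { id: 'u3', roles: ['itil'] };
console.log(visibleFields(incident, caller));       // all but work_notes
console.log(visibleFields(incident, otherEndUser)); // short_description, description, caller_id
console.log(visibleFields(incident, fulfiller));    // every field
```

Swapping the wildcard rule's condition for one that also matches non-owners is the quickest way to see how a too-open incident.* exposes every field, which is the situation the question describes.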