How to make only one field editable on a record while the rest remain read-only
08-21-2023 07:09 PM - edited 08-21-2023 07:45 PM
Hi All,
Please help me with the issue below. Why is my Write ACL not working? The two fields are always still read-only, just like before.
Current setup:
In CSM, we created one custom table, "Invoice Compliances", which is extended from the Case table. We have 45+ fields in total (some custom fields and some Case table fields). Full access on Invoice Compliances table records/fields: they can be updated only by "admins" and "invoice_compliances_user".
ACL : Write
Table: Invoice Compliances.*
roles: "admins" , "invoice_compliances_user ", Condition: State|not|cancelled/Closed.
At the request of the Finance group, we created one new role, "finance_invoice_compliance_user", and gave it read access on the list of records for reporting and some other purposes.
ACL : Read
Table : Invoice Compliances.*
roles: "finance_invoice_compliance_user" , Condition: State|not|cancelled.
Up to this point everything is fine.
Issue:
Now users with the finance_invoice_compliance_user role want to update 2 fields themselves in an 'Invoice Compliances' table record, so we created a Write ACL, but it is not working; those two fields always show as read-only, like the other fields.
ACL : Write
Table: Invoice Compliances.Trans ID
roles: finance_invoice_compliance_user, Condition: State|not|cancelled/Closed.
Script :
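// Allow write only if the current user is a member of a matching group
var gr = new GlideRecord('sys_user_grmember');
// Encoded query: group name starts with Finance_Invoice_Compliance and the group is active
gr.addEncodedQuery('group.nameSTARTSWITHFinance_Invoice_Compliance^group.active=true');
gr.addQuery('user', gs.getUserID());
gr.query();
if (gr.next()) {
    answer = true;
} else {
    answer = false;
}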
Kindly help me understand why my Write ACL is not working; the two fields are always still read-only, just like before.
08-21-2023 07:47 PM
Did you debug the ACL script by adding logs?
The script looks good to me.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
08-22-2023 11:24 AM
Hi,
I added a popup with gs.addInfoMessages in the ACL. I can see that info message as an admin when I open the record, but when I impersonate a user from the Finance_Invoice_Compliance group, he does not get the info message at record level.

08-22-2023 11:41 AM
@Supriya25 Can you try the Debug Security Rules module and check at which level the ACL is failing? First turn the debugger on, then impersonate the user and check the Debug window to see at which level the ACL is failing.
08-22-2023 02:01 PM - edited 08-22-2023 03:53 PM
As you stated, I started debugging.
Results:
In the sys_security_acl_role table, I get an error like the one below when I hover the mouse over the Role field and the ACL field:
record/sys_security_acl_role.sys_user_role/read=true(0:00:00:001)
record/sys_security_acl_role.sys_user_role/write=false((0:00:00:000);
I opened one Invoice Compliances table record, and the debugging details for the 'Trans ID' field are as below.
All READ ACLs are executed and true,
but for one WRITE ACL the result is as below:
oooo record/Invoice Compliances table.Trans ID/write App:App:Customer
Roles ( Roles=finance_invoice_compliance_user)(Result=Not Evaluated)
I opened that Write ACL; it is very simple, and it is the one we created yesterday.
ACL : Write
Table: Invoice Compliances.Trans ID
roles: finance_invoice_compliance_user
Condition: Empty
Advanced : empty