I want to create an ACL such that only the admin/ITIL role user can create/delete record in the table u_mytable ?

Go to solution
Rohan37
Giga Expert

‎07-31-2019 12:54 AM

What I did to allow only admin/itil role user to create/delete a record in the u_mytable table is that I openeed the OOB ACL and gave the ITIL user under roles and check admin overrides checkbox.

find_real_file.png

However, when someone who is a non-ITIL or non-admin is impersonating they are unable to even find the table after searching for u_mytable.list 

What to do regarding that ? Please provide me a script to write under ACL rules for create-write-delete-read

Such that only if the role is admin/itil they can create or delete a record u_mytable

and else they can only read-write a record if they have any other role other then Admin/ITIL

[ I need the script specifically, I don't want other methods ]

 

  

Preview file
63 KB
0 Helpfuls
  • 1,837 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎07-31-2019 01:00 AM

Hi Rohan,

you have modified the out of box create ACL;

so check the out of box read ACL on that table because user after doing u_mytable.list is unable to view records

so you want itil and admin to view as well; check if itil role is added to that out of box read ACL or not; if not add and then check

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎07-31-2019 01:00 AM

Hi Rohan,

you have modified the out of box create ACL;

so check the out of box read ACL on that table because user after doing u_mytable.list is unable to view records

so you want itil and admin to view as well; check if itil role is added to that out of box read ACL or not; if not add and then check

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Go to solution
Rohan37
Giga Expert
In response to Ankur Bawiskar

‎07-31-2019 01:05 AM

I didn't understand what you're trying to say ... Like i mentioned I have already updated the OOB ACL for create/delete such that only Admin/ITIL role users can create/delete a record ... Yet other users are still able to do it ...

Also I'd appreciate if you could provide a step by step solution cause I'm struggling here 

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Rohan37

‎07-31-2019 09:38 AM

Hi Rohan,

Did you impersonate with some user who is not itil and check new button is visible?

Is there any other create ACL on that table?

enable debugging security rules by admin; then impersonate as that user and check which ACL is allowing it?

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Go to solution
Rohan37
Giga Expert
In response to Ankur Bawiskar

‎08-01-2019 12:07 AM

I managed to do it.

Thanks.

0 Helpfuls