isNewRecord() not working in ACL with REST

phoang
Kilo Expert

Hi,

I need an account to create records but also be restricted to Read with just new records.

In the table Read ACL, I've added if(current.isNewRecord() && gs.hasRole(XXX)){ answer = true;}

But it's not working when I go to the REST API Explorer to test. I am not able to add any Fields to the Parameter.

Are you able to use isNewRecord with REST API? Is there a way to do this? We basically don't want this account to be able to GET records back that were opened by it but still be able to create. And it looks like it needs read to create.


The ACL processing order is well documented over here:

http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules#Processing_Order_for_Record_AC...

I hope this helps!

Thanks,
Berny


Sorry I'm still confused about the first part..

Don't I need read role for this account to use the create operation? And if I give it the read role then doesn't it have access to all records to that table? We don't want it to have access to all records just ones that this account opened.


Hi Phuong,

I'm almost sure that you don't need read access in order to do a create operation. The best way is to try it out with a new table and a new role, and take a look at how it responds given those ACL conditions.

Thanks,
Berny


If the account does require read access to the records it created, then you can use the sys_created_by field and have a specific ACL if the created by matches with your REST account.

Thanks,
Berny


I did test it out and it does require read access. I also tested with using sys_created_by field in a specific ACL and it will give the account access to records that account created but also to ALL other records. We don't want this account to view the other records. Is there a way to do this? Or am I missing something?
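
Added example, not part of any post in this thread: a simplified JavaScript model of how record ACLs for one table and operation combine (every check inside a single ACL must pass, but passing any one matching ACL grants access), showing one configuration in which a sys_created_by ACL does not restrict reads. The role name rest_creator, the account svc_rest and the sample records are assumptions, as is the idea that the poster's instance is configured this way; conditions, field-level and parent-table ACLs are left out of the model.

```javascript
// Simplified model of record ACL evaluation (not ServiceNow code).
// One ACL passes only if its role requirement AND its script both pass;
// access is granted if ANY ACL for the table/operation passes.
function aclPasses(acl, user, current) {
  const roleOk = acl.roles.length === 0 ||
    acl.roles.some(r => user.roles.includes(r));
  return roleOk && acl.script(current, user);
}

function canRead(acls, user, current) {
  return acls.some(acl => aclPasses(acl, user, current));
}

// In a real ACL script the equivalent comparison would be
// current.sys_created_by == gs.getUserName().
const createdByMe = (current, user) => current.sys_created_by === user.name;

// Constructed sample data: role and account names are hypothetical.
const restAccount = { name: 'svc_rest', roles: ['rest_creator'] };
const records = [
  { number: 'REC0001', sys_created_by: 'svc_rest' },
  { number: 'REC0002', sys_created_by: 'some.user' },
];

// Weak: a role-only read ACL is still present next to the creator ACL,
// so the role alone is enough to read every record.
const weakAcls = [
  { roles: ['rest_creator'], script: () => true },
  { roles: [], script: createdByMe },
];

// Corrected: a single read ACL that requires role and creator together.
const strictAcls = [
  { roles: ['rest_creator'], script: createdByMe },
];

// Returns the record numbers the user can read under the given ACL set.
function readable(acls, user) {
  return records.filter(r => canRead(acls, user, r)).map(r => r.number);
}

console.log('weak  :', readable(weakAcls, restAccount));
console.log('strict:', readable(strictAcls, restAccount));
```

In the weak set, deactivating or tightening the role-only ACL is what changes the result; adding further ACLs can only widen access in this model.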