Issue with ACL on dot-walked field

mmongeau · ‎08-21-2015

In Project Management there is a parent/child relationship between a Project (pm_project) and Project Task (pm_project_task). On a Project Task list view I have added 'Parent.Short Description', which is the project name for the top-level tasks directly below a project.

As an Administrator I can view the contents of that field in list view.

A user with the project_user role, who is able view all projects and tasks, does not see any data in that column.

I enabled Debug Security and what it is showing is it is failing the script evaluation on a high-level read ACL that applies to all records

The script says you must either be an admin or the default security mode is allow (the default mode is deny).

Script: gs.hasRole('admin') || gs.getProperty('glide.sm.default_mode') == 'allow'

Users with the project_user role have full read access to all fields in the pm_project table, as seen here when the same non-admin user views all projects.

So why is this read ACL on pm_project.* being bypassed when dot-walking from pm_project_task up to pm_project?

Thanks,

Michael Mongeau

Stratus Technologies

ServiceNow CA/CAD

mmongeau · ‎08-25-2015

ServiceNow Support has confirmed that this is a defect documented on PRB582996.

Michael

View solution in original post

srinivasthelu · ‎08-21-2015

Table Level ACL Place role here.

You may find this thread:Column shown blank in list view in spite of having values useful.

mmongeau · ‎08-21-2015

There is already a record-level read ACL on the pm_project table (field = 'None') and it does not seem to make a difference.

\

Michael

manikorada · ‎08-21-2015

Michael,

Instead of using Parent.Short Description can you add Project.Short Description

mmongeau · ‎08-21-2015

I added Project.Short Description and it has the same issue. Access is denied via the record/*/read ACL.

Michael