Issue with ACL on dot-walked field

mmongeau · ‎08-21-2015

In Project Management there is a parent/child relationship between a Project (pm_project) and Project Task (pm_project_task). On a Project Task list view I have added 'Parent.Short Description', which is the project name for the top-level tasks directly below a project.

As an Administrator I can view the contents of that field in list view.

A user with the project_user role, who is able view all projects and tasks, does not see any data in that column.

I enabled Debug Security and what it is showing is it is failing the script evaluation on a high-level read ACL that applies to all records

The script says you must either be an admin or the default security mode is allow (the default mode is deny).

Script: gs.hasRole('admin') || gs.getProperty('glide.sm.default_mode') == 'allow'

Users with the project_user role have full read access to all fields in the pm_project table, as seen here when the same non-admin user views all projects.

So why is this read ACL on pm_project.* being bypassed when dot-walking from pm_project_task up to pm_project?

Thanks,

Michael Mongeau

Stratus Technologies

ServiceNow CA/CAD

mmongeau · ‎08-25-2015

ServiceNow Support has confirmed that this is a defect documented on PRB582996.

Michael

View solution in original post

manikorada · ‎08-21-2015

Michael,

Do you have any ACL defined for pm_project_task.None read operation?

mmongeau · ‎08-21-2015

I have not customized any of the ACLs in the Project Management area - these are the ones included out-of-the-box.

Michael

mmongeau · ‎08-21-2015

I just noticed that you asked about pm_project_task. The pm_project_task.None read rule is identical to the one above for pm_project.None. Access is granted to users with the role 'itil' or 'project_user'.

Michael

mmongeau · ‎08-25-2015

ServiceNow Support has confirmed that this is a defect documented on PRB582996.

Michael