Make form editable even after it is closed

_Alex · ‎05-23-2022

I have a requirement where I am asked to make the security incident form editable and savable even after the incident is closed by a new group called security incident closer group

I created the group and role called security incident closer

Created an ACL, please see the screenshot

However, when I am testing and I navigate to a closed-form, I am still not able to edit it

Is there anything I am missing at this point? is there another ACL I need to modify, that could be blocking this acl

note: I have also attached a screenshot of the available acl's with matching names

Allen Andreas · ‎05-23-2022

Hello,

isMemberOf('security_incident_group') -- need single or double-quotes.

Make sure that's the appropriate display name of the group.

Example:

gs.getUser().isMemberOf('Hardware');

Good reference to look at is: https://servicenowguru.com/scripting/user-object-cheat-sheet/

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

_Alex · ‎05-23-2022

@Allen Andreas

Hi

I added the quotes but the form is still grayed out

Allen Andreas · ‎05-23-2022

Hi @@Alex

That "write" ACL is just for the table, but there's table.field ACLs as well, so you've need to look at a table.* ACL as well.

You may be better off assigning a custom role to this group and then using that in your "Roles" section, instead of scripting the group name, etc.

As pointed out in the reference link, you can also use the sys_id. My goals is to more so help you learn per what you were trying to do.

If you have other security incident table.* "write" ACLs, then you'll need to give permission there as there's more to all this than just the table.

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Allen Andreas · ‎05-23-2022

Hi @@Alex

Please see my reply above as I cover this and more, posted about an hour ago.

There are table level ACLs and then field level ACLs.

A table ACL is table.none or what you've shown in your screenshot. That applies to the table itself.

Then there's table.* with the * meaning it applies to all fields (sometimes tables don't have a table.* ACL so then the table level ACL is what is used to also apply to the fields). If the table involved in your question has a table.* "write" ACL already, then it means that that is controlling the field writing. So the users can "write" to the table...but then you have this other ACL blocking the writing to fields. So you'd want to allow them to write there as well as the table level ACL. This is accomplished through a table.* ACL -- then...there's table.field_name ACLs for individual fields...you'd want to ensure this new group of users can write there as well when you want them to (security incident is closed, etc.).

You may want to refer to documentation for an explanation as well: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0541355

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!