
Need to grant ITIL users access to write to specific fields on core_company table

johnthomas
Tera Contributor

We have a handful of custom fields on the core_company table that we want to make editable for all ITIL users. Most of the data on the core_company table is managed by users with user_admin role (out-of-the-box setting).

I'm wondering if there's a way I can just give write-rights to ITIL for specific fields...or do I have to give ITIL write-rights to the core_company table, and then go back and remove ITIL's write-rights to all the other core_company attributes (e.g. leave our custom fields alone so they will be able to edit these fields, but none of the others).

I'm pretty sure that will work, but it seems like a lot of work to do, and I'm wondering if this is the right way to do it.

7 REPLIES

harshinielath
Tera Expert

I feel you need to do it in the second way.


First give write rights to the table using one ACL, and then restrict the write rights for the other fields for itil using another ACL.


Giving full access and then restricting is the best practice for ACLs, which I follow.


Somveer Karhan1
Giga Expert

Hi John,



You would need to create/modify the ACLs below for the write operation:


1. Add the itil role to the core_company ACL, in addition to the existing user_admin role, to allow ITIL users to write to the table.


2. Create a new ACL core_company.* and give access to the user_admin role only. This will limit the write access of all fields to user_admin.


3. Create a new ACL for each of your custom fields (which should be writable by ITIL), e.g. core_company.<custom field1>, and give access to both ITIL and user_admin.



The combination of the above ACLs will allow user_admin to write into all fields of the core_company table, and ITIL users to write only to your custom fields.



Best Regards,


Somveer


Somveer, I think I tried your solution before, and it didn't work. But let me verify your meaning on #2 above.



Out-of-the-box, core_company* already exists for itil, model_manager, user_admin to have read operational rights.



Is your #2 saying that I need to create an additional entry for core_company*, and specify only user_admin to have write operational rights?


Somveer Karhan1
Giga Expert

Yes John,


you got it right.



core_company.* on the read operation would not be considered by ServiceNow when a write operation is being performed. We must have #2 in place to restrict ITIL users from writing to fields which are not mentioned in #3.
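
A simplified model of the three-ACL combination discussed in this thread, added here as an illustration; it is not code from any post and not ServiceNow's own evaluation engine. It assumes a hypothetical custom field `u_account_tier` and default deny when no table rule matches, and it leaves out admin overrides, ACL conditions and scripts, and parent-table fallbacks.

```javascript
// Simplified model of role-based ACL resolution (illustration only).
// Rules mirror the thread: the read wildcard is the out-of-the-box one,
// the three write rules are steps 1-3 from the accepted answer.
const acls = [
  { name: 'core_company.*', operation: 'read',  roles: ['itil', 'model_manager', 'user_admin'] },
  { name: 'core_company',   operation: 'write', roles: ['itil', 'user_admin'] }, // step 1
  { name: 'core_company.*', operation: 'write', roles: ['user_admin'] },         // step 2
  // step 3: u_account_tier is a hypothetical custom field name
  { name: 'core_company.u_account_tier', operation: 'write', roles: ['itil', 'user_admin'] }
];

// Rules at one level pass if any one of them lists a role the user holds.
function passes(rules, userRoles) {
  return rules.some(r => r.roles.some(role => userRoles.includes(role)));
}

// The user must pass the table-level rule AND the most specific field-level rule.
// Only rules for the requested operation are considered at all.
function canAccess(rules, userRoles, table, field, operation) {
  const forOp = rules.filter(r => r.operation === operation);

  const tableRules = forOp.filter(r => r.name === table);
  // Assumption: no matching table rule means deny (default-deny configuration).
  if (tableRules.length === 0 || !passes(tableRules, userRoles)) return false;

  // Field level: table.field wins over table.* when both exist.
  let fieldRules = forOp.filter(r => r.name === `${table}.${field}`);
  if (fieldRules.length === 0) fieldRules = forOp.filter(r => r.name === `${table}.*`);

  // With no field-level rule at all, the table-level result stands.
  return fieldRules.length === 0 ? true : passes(fieldRules, userRoles);
}

// Same rule set with one rule removed, to show what each step contributes.
function withoutRule(rules, name, operation) {
  return rules.filter(r => !(r.name === name && r.operation === operation));
}

const itil = ['itil'];
console.log('itil -> custom field:', canAccess(acls, itil, 'core_company', 'u_account_tier', 'write'));
console.log('itil -> name        :', canAccess(acls, itil, 'core_company', 'name', 'write'));
console.log('itil -> name, step 2 missing:',
  canAccess(withoutRule(acls, 'core_company.*', 'write'), itil, 'core_company', 'name', 'write'));
```

The last line shows the over-permissive state to check for after step 1: with the table-level write rule opened to itil and no write-operation `core_company.*` rule, every field without its own ACL becomes writable by ITIL users.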