Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Not able to set the ACL correctly.

Community Alums
Not applicable

‎08-02-2024 04:10 AM

Scenario : I have created a custom table i.e abc, it has three field a,b and c. There are no ACL created for the table by default as I unchecked that option.

I have created 3 roles : abc_read, abc_user, and abc_amdin.

I want:

   1) abc_read = able to see all the records.

   2) abc_user = able to create records, and update records accept update c field.

   3) abc_admin = able to create record and update all fields.

 

How can I wrtie the ACLs, to achive this?

 

0 Helpfuls
  • 203 Views
2 REPLIES 2

Sandeep Rajput
Tera Patron
Tera Patron

‎08-02-2024 04:18 AM

@Community Alums Here is what you should do

You can use role inheritance in this case.

1. At the root you should have the abc_read role

2. Role abc_user should contain the abc_read role

3. abc_admin should contain abc_user and abc_read role

 

1.Read ACL: Create a table.None and table.* Read ACLs on your table and add abc_read role in the role list

2. Create and Write ACL:- Create a table.None and table.* Create and Write ACLs on your table and add abc_user role in the role list

3. Write ACL for c field: Create a table.C (field) Write ACL and add abc_admin in the role list.

 

Hope this helps.

 

0 Helpfuls

ShubhamGarg
Kilo Sage

‎08-02-2024 04:29 AM

Hello @Community Alums ,

 

To fulfil your requirement, following ACLs have to be defined -

 

1) abc_read = able to see all the records -> To be able to see all the records, table.* and table.none ACL goes hand in hand. So, both abc.* (READ) and abc.none (READ) ACL has to be created and well defined.

2) abc_user = able to create records, and update records accept update c field. -> All field read ACL; all record read ACL and create ACL would be needed. (abc.none - READ, abc.* - READ (if all fields readability to be enabled), abc - create ACL)

3) abc_admin = able to create record and update all fields. -> (abc - create; abc - update, abc.none, abc.*)

 

You can merge your above scenarios to avoid creating multiple ACL with similar conditions.

 

Let me know if it helps.

 

Mark this as Correct/Helpful if above info. helps in any way and help in closing this thread.

 

Regards,

Shubham

0 Helpfuls