One ACL making field read only and other making field editable on form , which one will apply ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2025 09:40 PM
Hi Community,
Can anyone explain above scenario?
Is there any order or logic which applies while evaluating this kind of scenarios?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2025 09:58 PM
When two ACLs apply to the same field and one grants access while the other denies it, the most restrictive ACL always wins.
Rule: Deny overrides Allow
ServiceNow evaluates ACLs in this order:
Table-level ACL
Field-level ACL
Most restrictive result applies
If any matching ACL returns false (deny), the user is denied that operation, even if another ACL returns true (allow).
So in your case:
One ACL makes the field read-only (deny write)
Another ACL makes the field editable (allow write)
The result will be:
Field becomes read-only
Because:
A single deny on the write operation stops the user from editing the field.
Allow does not override a deny.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-09-2025 10:59 PM
Hi @KS86
If a user satisfies at least one permissive ACL, they will be allowed to edit the field, regardless of any other ACLs that might deny access.
Please appreciate the efforts of community contributors by marking the appropriate response as the correct answer and helpful. This may help other community users to follow the correct solution in the future.
********************************************************************************************************
Cheers,
Prashant Kumar
ServiceNow Technical Architect
Community Profile LinkedIn YouTube Medium TopMate
********************************************************************************************************
