Query BR or Read ACL

Venkat122 · ‎08-08-2018

Hi All,

Which is the best way to implement restricting visibility to certain records by using query business rule or read acl?

Aman Gurram · ‎08-09-2018

Hi Venkat,

I know your Question has been answered, but I would like to point out a flaw when you implement it with Query BR.
If you have a Query BR on a table that restricts access to certain records, it means

-User cannot see the Records in List/Form

-User will also be restricted to the records in GlideRecord Queries in a script as well.

User will be restricted to those records for every QUERY on the Table.

If you are in a situation where you have to restrict users from Reading Certain records from a Table in List/Form, but allow your scripts to query on the table without any restrictions, then Go for Read ACL. Because Read ACL will not restrict those records in a script that executes GlideRecord Query on the Table.

Hope this Helps.

View solution in original post

Venkat122 · ‎08-09-2018

Hi Aman,

Thank you! This is really a good point. Can you please give me any real time examples which you come across to gain some knowledge ?

Coleton · ‎08-09-2018

I did forget to mention the power of ACL's in this case. ACL's will allow you to restrict user view of those records, the BR will simply restrict them from even being able to search for that record. If they attempted to query for it, it would not result in a record.

The ACL will show a user that the record is hidden by security constraints due to their permission levels.

Here is some ACL Documentation.

Report Inappropriate Content · ‎08-09-2018

Hi Venkat,

For more clarity go through the following links :

acl vs business rule

What Everybody Should Know About ServiceNow Security

Thank You

Regards
Ajay

www.DXSherpa..com