Question on ACL

Community Alums
Not applicable

‎12-19-2024 12:35 AM

Hi,

 

I have created a new table and just added only one read ACL with no roles, conditions, or anything else. I removed Admin Overrides, but the admin can still see the records. Why? Kindly help.

 

1.png

 

2.png

 

3.png

 

Regards

Suman P.

0 Helpfuls
  • 512 Views
7 REPLIES 7

Mark Manders
Mega Patron

‎12-19-2024 12:45 AM

Because you have a read ACL that allows all users to read the table. That includes the Admin.

What are you trying to achieve, because what you are asking is exactly because of how you configured it.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Anand Kumar P
Giga Patron
Giga Patron

‎12-19-2024 12:54 AM

Hi @Community Alums ,

Unchecking the Admin Overrides checkbox in an ACL does not block administrators from accessing the resource because admins inherently bypass role checks. To restrict admin access, you must use the nobody role or create conditions or scripts that explicitly deny access to admins.

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0685046

 

If my response helped, please mark it as the accepted solution and give a thumbs up👍.
Thanks,
Anand

Community Alums
Not applicable

‎12-19-2024 12:56 AM

Hi @Anand Kumar P,

 

What is the use of the checkbox then? In which scenario does it help?

 

Regards

Suman P.

0 Helpfuls

Mark Manders
Mega Patron
In response to Community Alums

‎12-19-2024 12:58 AM

It helps that if you allow access to ITIL on incident records, your admin also has the access without adding the admin role explicitly to the ACL. It adds the admin. So if you want ITIL to be able to read all incidents, but not the admin, you uncheck the checkbox.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
0 Helpfuls