Read ACL for a role

MStritt
Tera Guru

We have 4 ACLs (Read/Write/Delete/Create) created for a role called sn_customerservice.feature_request_user. This is working for anyone who has this role. They can see/manage/access all Feature Requests records, etc. I've created a new role called sn_customerservice.feature_request_user_view_only which I only want users who have this role, to only view Feature Requests records/fields. So, I've added this new role to the Read ACL above (see below). However, when I give this role to a user and impersonate them, I can't see any of the Feature Requests. I've also created a new Read ACL just for this new role, but same results.

 

[Screenshot: FeatureRequest ACL.png]

4 REPLIES

Allen Andreas
Administrator

Hi,

Is there also a table.* "read" ACL as well?

This determines what fields are present and so if they don't have access to see the fields, then nothing would show.

Double-check your table read ACLs as well as your table.* ACLs and subsequently table.field ACLs and set them up as you need.


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Hi Allen,

 

Sorry for the delay. I've created a READ ACL on the table (see below). When I impersonate a user that I've given the role to, I can see the Feature Requests modules that I configure for the role, but I'm not seeing any Feature Request records that have been created.

 

[Screenshot: FeatureRequestREAD_ACL.png]

Hi,

Have you done any other analysis and debugging on this? Such as debugging access controls to see what is preventing the "read"? https://developer.servicenow.com/dev.do#!/learn/learning-plans/rome/new_to_servicenow/app_store_lear... 

 

Your post is a bit confusing because I had asked if there was a table.* ACL or not, which now in your screenshot you're showing as if you've created it, but the point here is that if there was a table.* ACL already for this table, then that means that there's permissions now possible set for all or several fields. So you'd want to review your table "read" ACLs...your table.* "read" ACLs as well as table.field "read" ACLs to see what may be preventing them from seeing the records...

 

Additionally, ACLs are just one piece of the puzzle, there's also "query" business rules and one could be set for this table preventing the records from showing. Please look at your business rules for this table and type query to see if there's something there as well.


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
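
The review suggested in the reply above (table, table.* and table.field "read" ACLs plus "query" business rules), written as a ServiceNow server-side script; this is an added example, not code from the thread. The table name is a placeholder, `collect` and `findReadBlockers` are hypothetical helper names, and the name filter only matches rules named for this table, so ACLs inherited from a parent table or wildcard rules are not listed.

```javascript
// Added example: ServiceNow server-side script (e.g. Scripts - Background).
// TABLE is a placeholder; the thread does not give the Feature Request table name.
var TABLE = 'your_feature_request_table';

// Run an encoded query and map each matching record through pick(gr).
function collect(GR, table, encodedQuery, pick) {
  var out = [];
  var gr = new GR(table);
  gr.addEncodedQuery(encodedQuery);
  gr.query();
  while (gr.next()) { out.push(pick(gr)); }
  return out;
}

// True when a field holds a non-empty value (getValue returns null if empty).
function filled(gr, field) {
  return String(gr.getValue(field) || '').length > 0;
}

// List what can hide records from a role: active "read" ACLs named for the
// table (table, table.*, table.field) and active "query" business rules.
function findReadBlockers(GR, table) {
  var acls = collect(GR, 'sys_security_acl',
    'active=true^operation.name=read^name=' + table + '^ORnameSTARTSWITH' + table + '.',
    function (gr) {
      return { sys_id: String(gr.getValue('sys_id')), name: String(gr.getValue('name')),
               hasCondition: filled(gr, 'condition'), hasScript: filled(gr, 'script') };
    });
  acls.forEach(function (acl) {
    // Roles required by each ACL are stored in sys_security_acl_role.
    acl.roles = collect(GR, 'sys_security_acl_role', 'sys_security_acl=' + acl.sys_id,
      function (gr) { return String(gr.sys_user_role.name); });
  });
  var queryRules = collect(GR, 'sys_script',
    'active=true^action_query=true^collection=' + table,
    function (gr) {
      return { name: String(gr.getValue('name')), when: String(gr.getValue('when')) };
    });
  return { acls: acls, queryRules: queryRules };
}

// Only executes on an instance, where GlideRecord and gs are defined.
if (typeof GlideRecord !== 'undefined') {
  gs.info(JSON.stringify(findReadBlockers(GlideRecord, TABLE), null, 2));
}
```

A "read" ACL that lists the new role but also has a condition or script, or any entry under `queryRules`, is the next thing to open and read.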

Issue was with a Business Rule. Thanks!