Read and Write ACL on same field

Go to solution
vaibhavdesai
Kilo Expert

‎02-07-2017 01:31 AM

Hello Experts,

I want to understand few things related basics of ACL.

1) When we create read and write ACL on same field and table. What will be output of that? Which one will be executed?

(I tried to implement it and was not getting any output.)

2) If i have UI policy/Data Policy to restrict some field and then I create ACL on the same field. Which one will be executed first?

Regards,

Vaibhav Desai

  • 5,361 Views
1 ACCEPTED SOLUTION

Go to solution
Anurag Tripathi
Mega Patron
Mega Patron

‎02-07-2017 01:56 AM

Hi Vaibhav,



I don't think you need read and write both ACL on the same field(with same conditions) because, if read ACL returns false you will not be able to see the field then editing it is anyways out of the question.



Hope this helps.


-Anurag

View solution in original post

9 REPLIES 9

Go to solution
vaibhavdesai
Kilo Expert
In response to naresh1019

‎10-31-2017 05:09 AM

Hi Naresh Chandurkar,


If field is not able to pass read ACL. Edit is out of scope.


0 Helpfuls

Go to solution
Anurag Tripathi
Mega Patron
Mega Patron

‎02-07-2017 01:56 AM

Hi Vaibhav,



I don't think you need read and write both ACL on the same field(with same conditions) because, if read ACL returns false you will not be able to see the field then editing it is anyways out of the question.



Hope this helps.


-Anurag

Go to solution
vaibhavdesai
Kilo Expert
In response to Anurag Tripathi

‎02-07-2017 02:00 AM

Hello Anurag,



That's quite right logic wise.



But, is there any specific order related to ACL? which one will be executed first?


e.g:- Read, Write, Create..



Regards,
Vaibhav Desai


0 Helpfuls

Go to solution
Anurag Tripathi
Mega Patron
Mega Patron
In response to vaibhavdesai

‎02-07-2017 02:06 AM

I wont say there is an order like this,



The precedence is based on Parent table, current table, field level and so on.



But that's the general understanding that what you cant see you cant edit and cant report on. Similarly create and write also hold hands.


-Anurag
0 Helpfuls

Go to solution
Dave Smith1
ServiceNow Employee
ServiceNow Employee
In response to vaibhavdesai

‎02-07-2017 03:04 AM

There's no "order" as such:


  • read provides visibility. If there is no read rule, you won't see it.
  • write provides the ability to amend field content.


  1. If there is read but no write, the field appears greyed-out.
  2. If there is write but no read, the field won't show on the form/list. To all intents and purposes, the field doesn't exist to that user, so any scripts/BRs that try to change an "invisible field" will fail because the field isn't just hidden, it's missing.


Consequently, ACLs have the "last say" and it's recommended to try to use ACLs to manage visibility and change control. Use Policies to alter the way data is presented or prefilled for users, rather than to control access.