reference field ACL condition

JuanCarlosV
Tera Contributor

‎08-08-2025 03:41 PM

I have a table to which I want to apply an ACL, I want the requests to be displayed as long as the headquarters (field called sede of type reference to the cmn_location table) of the request is equal to the user's headquarters (field called u_sede of type reference to the cmn_location table)

 

I have already put some scripts but it does not return any data, these are the scripts I have used

 

answer = userRecord.u_sede.getDisplayValue().toLowerCase() == current.sede.getDisplayValue().toLowerCase();

----------------------------------------------------------------------------------------------------------------------------------------

var userRecord = gs.getUser().getRecord();

 

// Validar que ambos campos tengan valor

if (!userRecord.u_sede || !current.sede) {

    answer = false;

} else {

    // Comparar los nombres (display values) de las sedes

    answer = userRecord.u_sede.getDisplayValue() == current.sede.getDisplayValue();

}

---------------------------------------------------------------------------------------------------------------

answer = current.sede == gs.getUser().getRecord().u_sede;

0 Helpfuls
  • 1,196 Views
2 REPLIES 2

Michelle Bryant
ServiceNow Employee
ServiceNow Employee

‎08-08-2025 05:07 PM - edited ‎08-08-2025 05:08 PM

Common Issues in Your Scripts

1. Using getDisplayValue() for comparison

You're comparing display values, which are strings. This can fail due to:

  • Case sensitivity
  • Formatting differences
  • Localization
  • Timing of data availability

2. Best Practice: Compare sys_id values

Since both sede and u_sede are reference fields, the most reliable way is to compare their sys_id values, not their display values.

Recommended Script for ACL

var userRecord = gs.getUser().getRecord();

 

if (!current.sede || !userRecord.u_sede) {
    answer = false;
} else {
    answer = current.sede.toString() == userRecord.u_sede.toString();
}

Why this works:

  • toString() on a reference field returns its sys_id.
  • This avoids issues with display values and ensures a direct match.

 How to Test It

  1. Use the Security Rules Debugger (System Security > Debug Security Rules) to test the ACL.
  2. Log in as a user with a known u_sede and check if they can see records with matching sede.
0 Helpfuls

Michelle Bryant
ServiceNow Employee
ServiceNow Employee

‎08-08-2025 05:09 PM

Posting the script you should try : 

 

 

var userRecord = gs.getUser().getRecord();

if (!current.sede || !userRecord.u_sede) {
answer = false;
} else {
answer = current.sede.toString() == userRecord.u_sede.toString();
}

0 Helpfuls