Restrict all approvals list
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2018 09:38 AM
My users have access to the My Approvals link in several locations (Self Service, Service Desk, Contracts).
Users are able to use the All link in the breadcrumbs from the My Approvals page (sysapproval_approver_list.do) to see all of the approvals ever generated. I have tried to create a read ACL on the sysapproval_approver table to restrict the display of records to approver = dynamic me but that did not work. What am I missing here?
- Labels:
-
Scripting and Coding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2018 09:41 AM
Can you check if there are multiple read ACLs on sysapproval_approver table. Because there might be other read acls allowing access to the table
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2018 09:41 AM
There is probably another ACL in place providing the access to view, or if you are viewing as yourself, you most likely have admin and can see all.
You could also create a before query business rule on the sysapproval_approver table to include that query parameter if you'd like.
Example here:
https://docs.servicenow.com/bundle/kingston-application-development/page/script/business-rules/concept/c_ExScrDefBeforeQueryBusinessRule.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2018 09:46 AM
There is an OOB ACL for read that checks a system property called 'glide.approvals.restrict_by_record' By default it is set to falue. If you set it to true and have no other read ACLs it should restrict ESS to only see their own approvals.
A
