Restrict read access to records based on cat item

conanlloyd
Giga Guru

‎01-05-2022 05:49 AM

I have been asked to restrict read access to the sc_req_item table to only show records to users with the wis_api role to only see RITMs where the RITM item fullfillment group is Windows Info Services or the RITM assignment group is Windows Info Services.

I created this ACL:
find_real_file.png

but still cannot see any records when I impersonate the user with the role. Instead I get this:
find_real_file.png

 

Any thoughts?

Labels:
Preview file
40 KB
Preview file
34 KB
0 Helpfuls
  • 853 Views
6 REPLIES 6

conanlloyd
Giga Guru
In response to shloke04

‎01-05-2022 06:44 AM

Interesting discovery.  The ACL doesn't filter the results and only show the allowed ones.  It actually just blocks the view for any that don't match out of what is currently being viewed.

For example, I'm showing 100 per page and on the first page, 100 rows are removed by security constraints.  When I go to the second page, 97 are removed and 3 are visible.

This isn't what I need.  Does anyone know how to actually filter the results and just return the appropriate records?

0 Helpfuls

Mohit Kaushik
Mega Sage
Mega Sage
In response to conanlloyd

‎01-17-2022 02:35 AM

You can use the query BRs. That can help you achieve the default hidden filters and only display the correct results.

Thanks,
Mohit Kaushik
ServiceNow MVP (2023-2025)
0 Helpfuls