Restrict Task SLA visibility to application-specific records in scoped ACL
6 hours ago
Hi All,
The ACL created on the task_sla table currently allows application-specific role users to view SLA records for all tasks across the instance. While this behavior is working as designed, users are also able to see Task SLA records belonging to other applications, which is not desired.
I created a read ACL on the task_sla table from my custom application scope and assigned specific roles. With this, users are able to view Task SLAs successfully. However, I want to restrict visibility so that users can only see Task SLA records related to my application.
When I try to add Data Conditions or a Script to the ACL, I encounter the following error:
“Invalid 'Access Control' record. Even though the selected outside table 'Task SLA' is allowed, a table-level Access Control on an outside table cannot contain a condition or script. Only roles are allowed.”
Could you please advise on how to restrict access so that users can only view Task SLA records specific to my application, and not all Task SLA records in the instance?
Thanks in advance,
Spandu S
2 hours ago
Hi,
Assuming your scoped application is set up for application administration, you can apply a table read ACL with a role, but with no condition. I assume your condition is trying to filter based on scope? Or do you have a more complex requirement that requires a condition/script?
https://www.servicenow.com/docs/csh?topicname=ACL-access-checks.html&version=latest