Set value of read only field

sigmachiuta
Kilo Guru

‎07-30-2015 02:47 PM

I am running a client script that will set the value of a read only field (by ACL).   I am needing to update this field in a client script but since it is read only I am not able to update the field.   How can I set the field in a client script with it being read only.   It works if I try with my admin account (the acl only allows admins to update the field)

I have tried with g_form.setReadOnly but that didnt work.

var answer = confirm('This incident will be marked Resolved?');


if (answer == true){


g_form.setReadOnly('u_resolved','false');


g_form.setValue('u_resolved','true');


                                                                                               


 }


 else g_form.setValue('u_resolved','false');




                                                               }


}
0 Helpfuls
  • 8,136 Views
8 REPLIES 8

jamie_girouard
Giga Expert

‎07-30-2015 03:20 PM

If you have a user account that cannot write to a field due to a ACL restriction, I'm not sure you're not going to be able to update the field in this manner.  


.


0 Helpfuls

sigmachiuta
Kilo Guru
In response to jamie_girouard

‎07-30-2015 03:23 PM

So there is no way to update a read only acl field with a client script?


0 Helpfuls

jamie_girouard
Giga Expert
In response to sigmachiuta

‎07-30-2015 03:28 PM

Even if you can change the value of a read-only field, the update won't take because you'll get caught up in the ACL restriction.



There are ServiceNow constructs that can update fields regardless of ACL restriction.   A business rule, for example.   Or perhaps a UI Action using GlideAjax that automatically updates the record with the new value.   I don't know your specific use case, so I'm not sure what would work in your situation.


0 Helpfuls

coryseering
ServiceNow Employee
ServiceNow Employee
In response to sigmachiuta

‎07-30-2015 03:35 PM 

So there is no way to update a read only acl field with a client script?



That's correct. ACL's run server-side, before database operations, specifically to prevent users who should not have access rights to records or fields from creating, reading, or writing them (depending on the rules set up per field/table).



This is the explicit design goal of the ACL system.


If a user needs write-access to the field, open access to it by creating or modifying the appropriate ACL.



Why does the value need to be written client-side? This sounds like the sort of logic a Business Rule would typically cover.



If you want to open the field for modification by these users, but make it more difficult for them to actually write to the field, you can grant them access via an ACL, and make the field read-only via a UI Policy. However, as you yourself have noted, it is fairly trivial to set values into read-only fields via client-side scripting.



Data Policies are another option, for making fields read-only under certain circumstances, and they can be set up to also be evaluated server-side.



I think you need to reconsider your design. Whenever you run into a paradox like "users need to be allowed to write to this field, but also should not be allowed to write to this field", there is likely a better way to implement your solution.