
Table Level ACL is overriding Field level ACL? How to override Table level ACL

JG16
Tera Contributor

Hi,

I have a table called HRProfile; it has some ACLs on it:

1. HRProfile allowed to all

2. HRProfile.* allowed only if the record belongs to the logged-in user or some xx role, and if the field belongs to some predefined hardcoded fields

Now I have added one new field to the table, and it should be visible only to people with a particular role, so I have created a 3rd rule:

3. HRProfile.area allowed only to a particular role, but due to ACLs 1 & 2 above it is not working, meaning that if the user does not belong to the particular role they are able to read the field value.

Note: I don't want to disturb/edit the 1st and 2nd rules; I should achieve this without touching 1 and 2.

How can I achieve this?

Thanks 

JG

 

 


K_ Scott Engstr
Kilo Guru

ACLs are designed to be permissive by default, no matter how many different ACLs you have (let's say 5), even if 4 of them would disallow, if just 1 of them will allow, then the user is allowed.  The best strategy is to have your HRProfile.* disallow access for all fields.  Then add 1 ACL per field you want to expose, starting with HRProfile.area as a validation.

Hi,

Thanks for your reply. As I said, I am not allowed to touch any existing ACLs. Based on what you are saying, I think I have to go some other way to hide the column (like a Client Script or UI policy) rather than an ACL.

Thanks anyway.

Sanket Khabiya
Kilo Sage

Hi,

You can achieve this by creating a Display Business Rule and an onLoad Client Script.

Step 1: In the Display BR, first check whether the currently logged-in user has the role to which you want to show that field.

If the role is matched, then pass true by using g_scratchpad,

and if the role is not matched, then pass false.

Step 2: Now create an onLoad Client Script, and get the g_scratchpad value in a variable.

Check whether this variable's value == true;

then you can set that particular field visible by using g_form.setVisible('field_name',true);

Regards,

Sanket

Please refer to the code below:


Display Business Rule:


(function executeRule(current, previous /*null when async*/) {
	
	if(gs.hasRole('itil'))   //add your role
	{
		g_scratchpad.data = true;
	}
	else
	{
		g_scratchpad.data = false;
	}
	
})(current, previous);

OnLoad Client Script: 

function onLoad() {
	// Debug only: shows the value passed from the Display Business Rule
	alert(g_scratchpad.data);
	if (g_scratchpad.data == true) {
		g_form.setVisible('business_service', true);     //add your field 'area'
	} else {
		g_form.setVisible('business_service', false);     //add your field 'area'
	}
}

 

Can you mark my answer as Correct, Helpful if you were able to achieve the requirement & then close the thread.

Thanks in advance.

Regards,

Sanket
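
An added example, not part of any reply in this thread: a variant of the Display Business Rule and onLoad Client Script above that takes visibility from the field's own read ACL through GlideElement canRead() instead of a role name repeated in script, and hides the field unless the server explicitly says true. The helper names readableMap and applyVisibility and the stand-in record and form objects are assumptions made for this example.

```javascript
// Added example, not code from the thread. 'area' is the field named in the
// question; the stand-in objects below are constructed for offline runs.

// Server side (Display Business Rule body): ask the platform whether the
// logged-in user passes the read ACLs for each field, instead of repeating a
// role name in script. Unknown fields are reported as not readable.
function readableMap(record, fieldNames) {
  var map = {};
  fieldNames.forEach(function (name) {
    map[name] = record.isValidField(name) && record.getElement(name).canRead() === true;
  });
  return map;
}

// Client side (onLoad Client Script body): show a field only on an explicit
// true from the server; a missing scratchpad entry hides it.
function applyVisibility(form, scratchpad, fieldNames) {
  var readable = (scratchpad && scratchpad.readable) || {};
  return fieldNames.map(function (name) {
    var show = readable[name] === true;
    form.setVisible(name, show);
    return name + '=' + show;
  });
}

// Constructed stand-ins so both halves can be exercised outside an instance.
function fakeRecord(acl) {
  return {
    isValidField: function (n) { return Object.prototype.hasOwnProperty.call(acl, n); },
    getElement: function (n) { return { canRead: function () { return acl[n]; } }; }
  };
}
function fakeForm() {
  var state = {};
  return { state: state, setVisible: function (n, v) { state[n] = v; } };
}

// Constructed scenario: 'area' fails its read ACL, 'name' passes, 'nope' does not exist.
function demo() {
  var record = fakeRecord({ area: false, name: true });
  var pad = { readable: readableMap(record, ['area', 'name', 'nope']) };
  return applyVisibility(fakeForm(), pad, ['area', 'name', 'nope']);
}
console.log(demo());
```

Inside an instance the Display Business Rule would assign `g_scratchpad.readable = readableMap(current, ['area'])` and the Client Script would call `applyVisibility(g_form, g_scratchpad, ['area'])`. The form change is presentation only; list views, exports and web service reads of the field are decided by the ACLs.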