Table level ACL overriding Field level ACL

eashwar
Tera Contributor

Hello Folks,

We have a custom table called ast_contract which is used to store contract information.

We would like ITIL users to view just the Contract# and its Short Description, while the Manager can view full information.

1. We currently have a table level ACL which has role manager (Attached screen shot)

2. ACL allowing ITIL users to view short description (Attached screen shot)

On debugging, I see that the table level ACL is overriding the Field Level ACL for ITIL users. Is there a solution to overcome this situation?

Thank you,

Eashwar Elumalai

3 REPLIES

Dan117
Kilo Expert

Table level ACLs are always evaluated. You need to allow itil users table level access. Then create a wildcard field level access to only the manager role. This then restricts all the fields on the table to that role, unless a specific field level rule is defined. Then your ACL allowing ITIL users will work properly.



Using Access Control Rules - ServiceNow Wiki


coryseering
ServiceNow Employee

Spot on!


Abhinay Erra
Giga Sage

Eashwar,



You have to create 4 ACLs.


Field Level ACL:


1) ast_contract.short_description - add roles itil and the role for your manager if he has one, or else you can write a script to see if the logged-in user is the manager

2) ast_contract.number - add roles itil and the role for your manager if he has one, or else you can write a script to see if the logged-in user is the manager

3) ast_contract.* - add the role for your manager if he has one, or else you can write a script to see if the logged-in user is the manager



Table Level ACL:


4) ast_contract - add itil, and add the role for your manager if he has one, or else you can write a script to see if the logged-in user is the manager
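
The evaluation order described in the replies above, as an added sketch that is not part of the thread and not ServiceNow's own code: a simplified JavaScript model in which a read must pass the table rule and then the most specific field rule. The `manager` and `itil` role names come from the thread; the `vendor` and `cost` fields and the exact role lists on each rule are constructed for illustration.

```javascript
// Simplified model of read-ACL evaluation; it is not the ServiceNow engine.
// A rule passes when the user holds at least one of the roles it lists.
const passes = (rule, roles) => rule.roles.some((r) => roles.includes(r));

// Gate 1: the table rule. Gate 2: the most specific field rule,
// table.field first, then the table.* wildcard.
function canRead(rules, roles, table, field) {
  const tableRule = rules.find((r) => r.name === table);
  // Model assumption: a missing table rule is treated as deny.
  if (!tableRule || !passes(tableRule, roles)) return false;
  const fieldRule =
    rules.find((r) => r.name === `${table}.${field}`) ||
    rules.find((r) => r.name === `${table}.*`);
  // No matching field rule: the table rule alone decides.
  return fieldRule ? passes(fieldRule, roles) : true;
}

function visibleFields(rules, roles, table, fields) {
  return fields.filter((f) => canRead(rules, roles, table, f));
}

// Setup from the question: the table rule lists only manager, so an itil
// user fails gate 1 and the field rule is never reached.
const original = [
  { name: "ast_contract", roles: ["manager"] },
  { name: "ast_contract.short_description", roles: ["itil"] },
];

// Setup from the replies: open the table to both roles, lock every field
// to manager with the wildcard, then open two named fields to itil.
const proposed = [
  { name: "ast_contract", roles: ["itil", "manager"] },
  { name: "ast_contract.*", roles: ["manager"] },
  { name: "ast_contract.number", roles: ["itil", "manager"] },
  { name: "ast_contract.short_description", roles: ["itil", "manager"] },
];

// Constructed field list; vendor and cost stand in for restricted columns.
const FIELDS = ["number", "short_description", "vendor", "cost"];

for (const [label, rules] of [["original", original], ["proposed", proposed]]) {
  for (const role of ["itil", "manager"]) {
    console.log(label, role, visibleFields(rules, [role], "ast_contract", FIELDS));
  }
}
```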