what is *.* ACL in servicenow?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-11-2020 08:31 AM
what is *.* ACL in servicenow? and how it different from * ACL.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-13-2020 11:17 PM
Hi,
*. ACL is Table ACL rule
It means match any table name (*). For example, *.
*. *is field ACL rule.
*.* is match any table (*) and any field (*).
Table ACL Rule
The user must first pass the table ACL rule. Since the base system includes STAR (*) table ACL rules that match every table, the user must always pass at least one table ACL rule. The base system provides additional table ACL rules to control access to specific tables.
- Match the table name. For example, incident.
- Match the parent table name. For example, task.
- Match any table name (*). For example, *.
If a user fails all table ACL rules, the user cannot access the fields in any table. If a user passes a table ACL rule, the system then evaluates the field ACL rules.
Field ACL Rule
- Match the table and field name. For example, incident.number.
- Match the parent table and field name. For example, task.number.
- Match any table (*) and field name. For example, *.number.
- Match the table and any field (*). For example, incident.*.
- Match the parent table and any field (*). For example, task.*.
- Match any table (*) and any field (*). For example, *.*.
A user must pass the table ACL rule to be granted access to the table's fields. For example, the user must first pass the table ACL rule for the incident table to access the Number field in the incident table.
The first successful field ACL evaluation stops ACL rule processing at the field level. When a user passes a field ACL rule, the system stops searching for other matching field ACL rules. For example, if a user passes the field ACL rule for incident.number, the system stops searching for other ACL rules that secure the Number field in the incident table.
If my answer helped you in any way, mark answer as helpful and correct.
Thanks and regards,
Megha.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-13-2020 11:20 PM
Hi Ranj,
Let me break it down for you.
Every ACL is consists of two parts, table and field and in presentation, they are denoted as table.fieldName. (*) represent all so in *.* it says all the table and all the fields.
As Sebastian already explained *.* is a global ACL and executed if the field doesn't have there own field-level ACL.
Let say you have created a table with no security rules then *.* will work on this.
Let say on the incident table you don't have an ACL for correlation ID field, well in that case * will get executed for correlation id.
I hope that helps. Have a great day 🙂
Thanks & Regards,
Sharjeel
Muhammad
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-13-2020 11:26 PM
*.* applies to all fields for all tables that do not have any ACL's defined.
ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-14-2020 06:36 AM
Hi Ranj,
If am able to suggest you please mark answer as correct so thread will close and use for others.
Thanks
