Which ACL executes first: row or field level?
10-30-2024 05:08 AM
Let's consider I have a Health Care table.
X role: table.none for both read and write ACLs
Y role: table.caller ACL
The user who has the Y role can't see caller, as he doesn't even have table access. Then I am not getting the sentence that, during execution, it will search from most specific to most general. In this case the most specific is allowing the user to see caller but the most generic is not... right? So what makes this sentence
10-30-2024 05:43 AM
Hi @Manikantahere ,
Processing Order: The ACL rules are checked in a sequence where table-level (general) permissions are assessed first, followed by field-level (specific) permissions. This is the operational or technical order of processing.
Conceptual Understanding of Access: Conceptually, even though the more general table-level permissions are checked first, access to a specific object (like a field) is only 'realized' or 'granted' after passing through the more specific field-level permissions. In other words, the user's effective access to specific objects (fields) is determined after the general permissions (table-level) are cleared.
So, while the operational order is from general to specific (table then field), the actual granting of access (conceptually) to specific objects (fields) is considered the final step. The phrasing in the documentation might be highlighting this conceptual viewpoint rather than the literal sequence of checks.
-------------------------------------------------------------------------
If you found my response helpful, please consider selecting "Accept as Solution" and marking it as "Helpful." This not only supports me but also benefits the community.
Regards
Runjay Patel - ServiceNow Solution Architect
YouTube: ServiceNow With Runjay
LinkedIn: https://www.linkedin.com/in/runjay
-------------------------------------------------------------------------
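The scenario from the question, run through the order described in the reply above (table-level gate first, then field-level gate). This is an added example, not part of the original thread and not ServiceNow's own code. The table name `u_health_care`, the rule layout and the helper names are assumptions; conditions, scripts, wildcard rules and role inheritance are left out.

```javascript
// Constructed sample rules mirroring the question. field: null is the post's
// "table.none" (table-level rule); the table name is hypothetical.
const rules = [
  { table: 'u_health_care', field: null,     op: 'read', roles: ['x'] },
  { table: 'u_health_care', field: 'caller', op: 'read', roles: ['y'] },
];

// A gate passes if any rule guarding the object lists a role the user holds.
function passes(matching, userRoles) {
  return matching.some(r => r.roles.some(role => userRoles.includes(role)));
}

// Two gates in sequence: the table-level rule, then the field-level rule.
function canAccessField(userRoles, table, field, op, acl) {
  const tableRules = acl.filter(r => r.table === table && r.field === null && r.op === op);
  // Assumption: no matching table-level rule means deny.
  if (!passes(tableRules, userRoles)) return { allowed: false, stoppedAt: 'table' };
  const fieldRules = acl.filter(r => r.table === table && r.field === field && r.op === op);
  // Assumption: a field without its own rule is governed by the table gate alone.
  if (fieldRules.length && !passes(fieldRules, userRoles)) {
    return { allowed: false, stoppedAt: 'field' };
  }
  return { allowed: true, stoppedAt: null };
}

// Audit helper: field-level grants to roles that cannot pass the table gate
// on their own, so the grant never takes effect for a user holding only that role.
function unreachableFieldGrants(acl) {
  const findings = [];
  for (const r of acl.filter(rule => rule.field !== null)) {
    for (const role of r.roles) {
      if (!canAccessField([role], r.table, r.field, r.op, acl).allowed) {
        findings.push(`${role}: ${r.table}.${r.field} (${r.op})`);
      }
    }
  }
  return findings;
}

console.log(canAccessField(['y'], 'u_health_care', 'caller', 'read', rules));
console.log(canAccessField(['x', 'y'], 'u_health_care', 'caller', 'read', rules));
console.log(unreachableFieldGrants(rules));
```

A user holding only the Y role is stopped at the table gate, which is why the field-level grant on caller never takes effect for that user.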
10-31-2024 11:11 AM
You can see the reference below, where I am pointing out that they mention that, to grant or deny access, the ACL is searched from the most specific to the most generic match.
10-31-2024 01:27 PM