Write ACL not working on form fields

booher04
Tera Guru

‎04-03-2018 07:21 AM

I have been having a lot of issues with ACLs.  I have a need for one group(one user in that group) to be able to write to a certain few fields on the cmdb_ci_service table.  All other fields should be read only(as they are right now).  I tried setting the write ACLs on each field that I want the group with role bs_user_role to be able to write to or edit.  It's still showing as a read only field for all.  I assume this is because of an ACL on the table not allowing it.  Any advice on this?  The screenshot shows the fields circled that have the write ACL on them and I'm logged in as the user.  They are still showing as read-only.  

find_real_file.png

Preview file
41 KB
0 Helpfuls
  • 3,841 Views
21 REPLIES 21

John Palmer
Tera Expert

‎01-10-2024 12:08 PM

After troubleshooting a similar issue for an afternoon and all the following morning... I found I had dictionary settings on this ONE table (after being succesful with 4 other tables) that set the fields to Read-Only, and this kept the Write ACLs from even being processed. (I suspect that Client Scripts or anything else that set these to Read-Only would do the same).
AFTER finally figuring that out myself, I found a KB indicating the same thing. (Can't find it now to post here, naturally). 

0 Helpfuls

John Palmer
Tera Expert
In response to John Palmer

‎01-10-2024 12:12 PM

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0748311

KB0748311 
 

Description

A field is still read-only even after a user is granted permission via a field-level ACL and a table-level ACL..  Further, when bringing up the Debug Security Rules, there is no log indicating the ACL being executed at all.  Not even greyed-out

 

Cause

One of the causes might be that the field is defined as read-only in its sys_dictionary entry.

Resolution

Uncheck the 'Read only' box in the field's sys_dictionary record.

 

0 Helpfuls