What is difference between table.none and table.* in ACL? Please explain with an example.

Tejashvi
Giga Contributor

Hii,

 

What is the difference between table.none and table.* in ACL form ?Please explain with an example.

 

Thanks in advance!!!

1 ACCEPTED SOLUTION

Allen Andreas
Administrator
Administrator

Hi,

For table.none means that you are applying the ACL at the table level.

For table.*, means that you are applying this for all rows/fields on that table which don't have their own specific table.field ACL. So it's more of a "meta-ACL", if you will.

Then there's table.row/field, means you are applying this for that specific field.

For ACLs you first need access to the table, then to the field. Think of it as walking up to a house. You can't get in the house (table) without the door being unlocked. Once inside, the rooms, are the rows/fields. So those need to be unlocked as well to go in to those (table.* or table.row/field).

More discussion found here: https://community.servicenow.com/community?id=community_question&sys_id=fa788feddb1cdbc01dcaf3231f96...

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

View solution in original post

10 REPLIES 10

Anil Shewale
Mega Guru

Hi

Table.* is a field level ACL which gives Access to all field on that table.

Table.none is a row level ACL allows you to access records.


Basically the answer is simple yet tricky. Table.None is used when you are not bothered about columns and this only take care of records/rows.

Table.* comes to picture when your focus comes to field level , say you want to control the column access like making all read only. Also overriding the other ACL with table.column1/2/3.

Example 1

 

Operation

User 1

User2

User 1 with role1

User 2 with role2

READ

Table.none

Table.none

Can read and write all fields

Can read and write all fields

WRITE

Table.none

Table.none

 

Example 2 : Table . * are used restrict purpose simply.

Operation

User 1

User2

User 1 with role1

User 2 with role2

READ

Table.none

Table.none

Can read and write all fields

Can Only read all fields

WRITE

Table.none

Table.none

WRITE

Table.*

 

 

Example 3 :

Operation

User 1

User2

User 1 with role1

User 2 with role2

READ

Table.none

Table.none

Can WRITE all field except field 1

All field read except field 1

WRITE

Table.none

Table.none

WRITE

Table.*

Table.field1

 

If it help mark helpful or correct 

Thanks and regards

Anil

Samantha Sam
Tera Contributor

How on this earth is this connected to Devops?

Hi nk,

People can choose any forum section they'd like and most likely accidentally picked the wrong thing? It does happen?

Sorry for the inconvenience!

Take care!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

KV_CTS
Tera Contributor

Great that other community users have responded hence, I am going to give a different example to add clarity (if needed by others)

 

Think of a Table as a house and fields of a table as rooms in that house. With that in mind, table.* is essentially a key to all the rooms. So, it controls access to all fields in a table, unless overridden by specific field-level ACLs whereas, table.none controls access to records in the table, but does not apply to fields. It's often used to determine if a user can access any record in the table at all.

An example of how and when you would wish to use something like this could be:
table.*:

Use when you want to define general access rules for all fields in a table.
Example: Allow all users to view all fields in the Incident table, but restrict editing specific fields with individual field-level ACLs.

table.none:

Use when you want to control whether a user can access any records in the table at all.
Example: Allow only certain roles to view any record in the Change Request table, but leave field-level access to specific field ACLs.

 

Please mark my reply as Helpful/Correct, if applicable. Thanks! Might take a second for you and will help me 🙂

Nani nanee
Tera Contributor

Generally "table.none" grants access to all records within a table without any restrictions on individual fields, while "table.*" grants access to all fields within a table, but only if there isn't a more specific field-level ACL rule in place.