Field level ACL is not working in Service Portal

pooja V1 · ‎03-07-2024

Hello,

We are having issues with ACL in service portal. There is a ACL on field 'Issue' on knowledge Article table. It is a read ACL which gives access to users with 'itil' role. When a user without itil role views the article in service portal or in 'kb_view' page in platform the issue field is also visible. The ACL is not restricting the field from view.

Anyone has any idea if ACL's on field level doesn't work in Service Portal or can it be achieved in any other way?

Sandeep Rajput · ‎03-07-2024

@pooja V1 Can you check if there is a table.* or more than one field level ACLs define on the Issue field which is granting the non itil user read access to the Issue field. Please use the access analyser or ACL debugger to identify which ACL is granting access here.

pooja V1 · ‎03-07-2024

There is only one ACL on the 'issue' field on article template.

Hajar BENJAHHAR · ‎03-07-2024

Hello pooja,

I think the problem is not in acls but in the ui macro kb_view_common_content.

You have to add conditional display logic in ui macro kb_view_common_content based on the user's permissions.

you can modify the macro to include ACL (Access Control List) checks as shown below :

 <j2:if test="$[knowledgeRecord.name_of_field.canRead()]">
	    <div>
		<g2:no_escape>$[NS:knowledgeRecord.name_of_field]</g2:no_escape>
		</div>
</j2:if>

Make sure to replace 'name_of_field' with the appropriate name.

Best regards,

Hajar

pooja V1 · ‎03-07-2024

Hello Hajar,

Actually the main issue I am facing in the portal widget 'Knowledge Article Content' which is OOB. I seared in Angular script for canRead(), but there isn't anything.

Hajar BENJAHHAR · ‎03-07-2024

Could you please share a screen, if it is possible ?