
Modifying ACL script

nealp_
Tera Contributor

On the CMS website users can access their own profile page, I need to have all the fields grayed out for anyone without admin role or higher … except "date format" & "Time Zone" fields - these users with any role can edit/update. Tried modifying ACL rule by adding 'itil' to only those 2 fields, however, it is not working.

The only thing I can see that could be causing an issue is script in access control of this user table --> " gs.hasRole('admin') || gs.getProperty('glide.sm.default_mode') == 'allow' "

I'm not 100% sure if this is the issue? But if it is, then is there a way to modify that script so 'date_format' & 'time_zone' can be changed by anyone ('itil', 'itil_inquiry_only'), and others still grayed out unless you have 'admin' role?

1 ACCEPTED SOLUTION

Hi Neal,



Ok, a number of things...



  1. You need a table-level ACL for ([sys_user].*) to require the admin role by default on this table's fields... not ([*].--none--)...
    I wouldn't be adding the itil role to the OOB write ACL for the global table ([*]); this could cause you problems elsewhere...
  2. You need a table-write ([sys_user].--none--) ACL setup for itil, or they won't be able to update any field because of (1)...
  3. Your "[sys_user].time_zone" is set for the "Execute" operation instead of "Write", change this to "Write"...
  4. Your "[sys_user].time_zone" ACL looks ok, but probably is making no difference if you don't have the table-write setup for itil.


Please read through the wiki article on using ACLs here, it has some pretty good graphics (make sure to look them over) that describe how ACLs get evaluated:


Using Access Control Rules - ServiceNow Wiki




Thanks,


-Brian



7 REPLIES

Brian Dailey1
Kilo Sage

Hi Neal,



If you are trying to do this using ACLs, you would want:



  1. a write ACL on all fields in the table (i.e., [sys_user].*) that requires the admin role
  2. a write ACL on each field (i.e., [sys_user].date_format and [sys_user].time_zone) that requires the itil role
  3. a write ACL on the table itself ([sys_user]) that requires the itil role


Once a role is specified for access to something, then a role will be required to access that item (you can have multiple ACLs on the same object with different roles specified, and any one of them will work, assuming the other conditions are met).



See if that works for you.




Thanks,


-Brian
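
The three-ACL layout from the reply above, and two of the misconfigurations listed in the accepted solution (a field rule set to "Execute", a missing table-level write rule), run through a simplified evaluation model. This is an added example, not code from the thread or from ServiceNow: `canWrite`, `passes` and the rule objects are hypothetical, and the model assumes role checks only, no table inheritance or `[*]` rules, deny when no table-level rule matches, and admin passing every rule.

```javascript
// Simplified model of ACL evaluation for one table. Constructed for illustration;
// not ServiceNow code. Assumptions: role checks only (no conditions or scripts),
// no table inheritance, no [*] rules, and admin passes every rule.

// The layout from the reply: table-level write for itil, all fields for admin,
// and the two fields opened to itil.
const threeAcls = [
  { name: 'sys_user',             operation: 'write', roles: ['itil'] },
  { name: 'sys_user.*',           operation: 'write', roles: ['admin'] },
  { name: 'sys_user.date_format', operation: 'write', roles: ['itil'] },
  { name: 'sys_user.time_zone',   operation: 'write', roles: ['itil'] },
];

// Several rules on the same object: passing any one of them is enough.
function passes(rules, userRoles) {
  return rules.some(rule => rule.roles.some(role => userRoles.includes(role)));
}

function canWrite(acls, table, field, userRoles) {
  if (userRoles.includes('admin')) return true; // assumption: admin overrides
  const rulesFor = name =>
    acls.filter(acl => acl.name === name && acl.operation === 'write');

  // Step 1: the table-level rule must pass (assumption: no rule means deny).
  const tableRules = rulesFor(table);
  if (tableRules.length === 0 || !passes(tableRules, userRoles)) return false;

  // Step 2: the most specific field rule decides; table.* applies only when
  // no table.field rule exists for this operation.
  let fieldRules = rulesFor(`${table}.${field}`);
  if (fieldRules.length === 0) fieldRules = rulesFor(`${table}.*`);
  // Assumption: with no field rule at all, the table-level result stands.
  return fieldRules.length === 0 || passes(fieldRules, userRoles);
}

// Misconfiguration 1: the time_zone rule saved as "execute" instead of "write".
const wrongOperation = threeAcls.map(acl =>
  acl.name === 'sys_user.time_zone' ? { ...acl, operation: 'execute' } : acl);

// Misconfiguration 2: no table-level write rule for itil.
const noTableRule = threeAcls.filter(acl => acl.name !== 'sys_user');

console.log('itil time_zone:', canWrite(threeAcls, 'sys_user', 'time_zone', ['itil']));
console.log('itil email:', canWrite(threeAcls, 'sys_user', 'email', ['itil']));
console.log('wrong operation:', canWrite(wrongOperation, 'sys_user', 'time_zone', ['itil']));
console.log('no table rule:', canWrite(noTableRule, 'sys_user', 'time_zone', ['itil']));
```

In the model, the "execute" rule is invisible to a write check, so `time_zone` falls through to `sys_user.*` and is denied for itil while `date_format` stays writable.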


So I've tried this way already. I have 'admin' on the table, on both fields I have 'itil', and I have 'itil' on the table itself. But doesn't seem to work.


Hi Neal,



When you say "doesn't seem to work"... what are your results, exactly? What's happening, or not happening, so to speak?



And if you could post some screenshots of your ACLs, that might help.




Thanks,


-Brian


Yes I'm not seeing any results. Everything is still grayed out by 'itil' or 'itil_inquiry_only' role users.

