Why does a Table.None write ACL grant access to edit fields of a custom table?

abrouf
Kilo Sage

I created a custom table with Extends table - Asset and a role - test_asset, then created a Table.None write ACL with a custom role - test_asset, but non-admin users with role - test_asset are able to edit the custom fields that I added.

 

Any idea or suggestion is appreciated.

 

Thank you.

abrouf

1 ACCEPTED SOLUTION

abrouf
Kilo Sage

The issue has been resolved by creating a write ACL for all fields (Table.*) and adding an admin role. I thought the admin already had write access by default, so I didn't do so earlier.

Got this idea from here:

https://www.servicenow.com/community/secops-forum/how-to-give-write-access-to-specific-field-on-form...

I still didn't get the logic. If anybody knows, please drop it here with the ServiceNow ACL documentation.


7 REPLIES

AnveshKumar M
Tera Sage

Hi @abrouf 

From what I understood, you have created a table which extends the Asset table with a few custom fields.

Then you have created a write ACL on the newly created table at row level (Table.None) with the test_asset role.

If you have not created any ACL at field level, like Table.* or Table.FieldName, the Table.None ACL can give users write access to the custom fields which are created in the extended table. This is because ACLs are searched from the most specific to the most generic match.

As there is no field-level ACL, it matches the row-level ACL to grant the access.

 

If you want to restrict the access, you can create an ACL at field level like Table.* OR Table.FieldName.

 

 

Please mark my answer helpful and accept as a solution if it helped 👍

Thanks,
Anvesh
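
The matching order described in the answer above, as an added example that is not part of any post in this thread and is not ServiceNow code. It is a simplified model: the field candidates follow ServiceNow's documented processing order, while the parent table name `alm_asset`, the field `u_other`, the rule objects and the deny-when-no-row-rule behaviour are assumptions made for illustration.

```javascript
// Simplified model of the ACL matching order described in this thread.
// Not ServiceNow code; tables, fields and rules below are constructed.
const PARENT = { u_test_lab: 'alm_asset' }; // assumed parent (Asset) table

// Table hierarchy, most specific first.
function chain(table) {
  const out = [];
  for (let t = table; t; t = PARENT[t]) out.push(t);
  return out;
}

// Field-level rule names to try, most specific first.
function fieldCandidates(table, field) {
  const tables = chain(table);
  return [...tables.map(t => `${t}.${field}`), `*.${field}`,
          ...tables.map(t => `${t}.*`), '*.*'];
}

// Rules for the first candidate name that has any rule for this operation.
function firstMatch(acls, names, op) {
  for (const name of names) {
    const rules = acls.filter(a => a.name === name && a.op === op);
    if (rules.length) return rules;
  }
  return null;
}

// A rule set passes if the user holds a role required by any one rule.
const passes = (rules, roles) =>
  rules.some(r => r.roles.some(role => roles.includes(role)));

function canWriteField(acls, table, field, roles) {
  // Row level (Table.None): modelled here as a rule named after the table.
  const row = firstMatch(acls, chain(table), 'write');
  if (!row || !passes(row, roles)) return false; // assumption: no row rule = deny
  const fld = firstMatch(acls, fieldCandidates(table, field), 'write');
  // No field-level rule matched: the row-level result alone decides.
  return fld ? passes(fld, roles) : true;
}

const rowOnly = [{ name: 'u_test_lab', op: 'write', roles: ['test_asset'] }];
const withFieldRules = [...rowOnly,
  { name: 'u_test_lab.*', op: 'write', roles: ['admin'] },
  { name: 'u_test_lab.u_base', op: 'write', roles: ['test_asset'] }];

const user = ['test_asset'];
console.log(canWriteField(rowOnly, 'u_test_lab', 'u_other', user));        // true
console.log(canWriteField(withFieldRules, 'u_test_lab', 'u_other', user)); // false
console.log(canWriteField(withFieldRules, 'u_test_lab', 'u_base', user));  // true
```

With only the row-level rule, every custom field is writable by the role; adding a `u_test_lab.*` write rule for another role closes the remaining fields while the explicit `u_test_lab.u_base` rule keeps that one field editable.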

Thank you Anvesh for your explanation.

Actually, I did the following in addition to the default ACLs of the custom table to achieve the goal of allowing users with a particular role to edit a few fields among many custom fields:

1. Created field-level read ACL (Table.*)

2. Created table-level write ACL (Table.None)

3. Created custom fields on a custom table

4. Created a few field-level write ACLs to allow some users to edit some fields (Table.field name)

 

But now users can edit all fields of the custom table.

Thank you again.

abrouf

 

 

@abrouf Please use ACL Debugging tools https://docs.servicenow.com/bundle/vancouver-platform-security/page/administer/contextual-security/c... to check which ACLs are granting access to users on the custom table.

Thank you Sandeep for pointing out the resources.

I did it & found these:

 
Base
 
 
 record/u_test_lab.u_base/read = true (0:00:00.000)
 record/u_test_lab.u_base/write = true (0:00:00.000)
I didn't give field-level write access but still showing