ACL on custom table in scoped application not working

kunal16
Tera Expert

Hi All,

I have create a new custom table 'Allegations' in Human Resources: Core application which is associated to Employee Relations table (there is a reference field on Allegations that refers to Employee Relations table).

The requirement is users with role 'sn_hr_core.employee_relations' should be able to create records in Allegations table. Now, I updated the ACLs (created during table creation for Allegation) and added the role 'sn_hr_core.employee_relations' on the Create operation, but still users with that role are unable to submit any record in Allegations table as all the fields are read-only for them.

Note: All the other ACLs (CRUD) have the role 'sn_hr_core.employee_relations' added to them.

Any help will be appreciated.

Thanks in advance!

1 ACCEPTED SOLUTION

So if you create a 'create' ACL for sn_hr_core_allegation.*  for your role it will work.

There is an ootb box create ACL "*.*" which prevents writing into fields at creation.

You can then still control update access through appropriate fields level 'write' ACLs as needed.

The only risk I see is that a user could manipulate the "created_on" and "created_by" fields - **IF** you have them on the form and show them.

 

Mark Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.

 

Hope that helps, Christian

View solution in original post

11 REPLIES 11

Ankur Bawiskar
Tera Patron
Tera Patron

Hi Kunal,

Only giving role to CREATE ACL won't work; it will only show new button

you need to give that role to the WRITE ACL as well so that they can edit field values

Also enable debugging security rules to check which ACL is blocking that.

Mark Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi Ankur,

I have already created all the 4 ACLs (CRUD) with role as sn_hr_core.employee_relations but still the user is unable to edit any field on the Allegation table

Christian Prob2
Tera Guru

Hi Kunal,

could you post screenshots of the relevant ACLs and maybe what it shows if you turn on the Security Debugging (as @Ankur Bawiskar  suggested)? That would be extremely helpful for troubleshooting 😉

Hi Christian,

Please find the attachment for ACLs and Security Debugger