ACL on custom table in scoped application not working

kunal16

Hi All,

I have created a new custom table 'Allegations' in the Human Resources: Core application, which is associated with the Employee Relations table (there is a reference field on Allegations that refers to the Employee Relations table).

The requirement is users with role 'sn_hr_core.employee_relations' should be able to create records in Allegations table. Now, I updated the ACLs (created during table creation for Allegation) and added the role 'sn_hr_core.employee_relations' on the Create operation, but still users with that role are unable to submit any record in Allegations table as all the fields are read-only for them.

Note: All the other ACLs (CRUD) have the role 'sn_hr_core.employee_relations' added to them.

Any help will be appreciated.

Thanks in advance!

1 ACCEPTED SOLUTION

So if you create a 'create' ACL for sn_hr_core_allegation.* for your role it will work.

There is an OOTB create ACL "*.*" which prevents writing into fields at creation.

You can then still control update access through appropriate field-level 'write' ACLs as needed.

The only risk I see is that a user could manipulate the "created_on" and "created_by" fields - **IF** you have them on the form and show them.

 

Mark Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.

 

Hope that helps, Christian
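The behaviour described in the accepted solution, as an added example (not code from the original post or from ServiceNow): a simplified JavaScript model of first-match ACL lookup for the create operation. It assumes role checks only (no conditions or scripts) and no parent tables; the role required by the `*.*` rule, the `description` field, and the `hardened` rule set are constructed for illustration.

```javascript
// Simplified model of ACL matching for the 'create' operation.
// Assumptions: roles only, no parent tables; "*.*" requirement is a placeholder.
const TABLE = 'sn_hr_core_allegation';
const ROLE = 'sn_hr_core.employee_relations';

// As in the question: the role is on the table-level create ACL only.
const before = [
  { name: TABLE, op: 'create', roles: [ROLE] },
  { name: '*.*', op: 'create', roles: ['placeholder_role_user_lacks'] },
];
// As in the accepted solution: add a field-wildcard create ACL for the role.
const after = before.concat([{ name: TABLE + '.*', op: 'create', roles: [ROLE] }]);
// Constructed mitigation for the risk the answer mentions: a more specific
// rule on "created_by" is matched before the table wildcard.
const hardened = after.concat([
  { name: TABLE + '.created_by', op: 'create', roles: ['admin'] },
]);

// Evaluate the most specific name that has any rule; passing one rule of
// that name is enough, and the search stops there.
function passesFirstMatch(rules, names, op, userRoles) {
  for (const name of names) {
    const matching = rules.filter(r => r.name === name && r.op === op);
    if (matching.length === 0) continue;
    return matching.some(r => r.roles.some(x => userRoles.includes(x)));
  }
  return false; // default deny when nothing matches
}

// A field is editable on a new record only if the table-level rule AND
// the field-level rule both pass.
function canSetFieldOnCreate(rules, table, field, userRoles) {
  const tableOk = passesFirstMatch(rules, [table, '*'], 'create', userRoles);
  const fieldNames = [`${table}.${field}`, `*.${field}`, `${table}.*`, '*.*'];
  return tableOk && passesFirstMatch(rules, fieldNames, 'create', userRoles);
}

function explain(rules, field, userRoles) {
  return canSetFieldOnCreate(rules, TABLE, field, userRoles) ? 'editable' : 'read-only';
}

const user = [ROLE];
console.log('before, description:  ', explain(before, 'description', user));
console.log('after, description:   ', explain(after, 'description', user));
console.log('after, created_by:    ', explain(after, 'created_by', user));
console.log('hardened, created_by: ', explain(hardened, 'created_by', user));
```
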


11 REPLIES

Hi Kunal,

Seems the attachment is missing.

Regards

Ankur

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

+Attachment

Seems some issues with adding the attachments, pasting the screenshots here itself

1. Create ACL [screenshot]

2. Read ACL [screenshot]

3. Write ACL [screenshot]

4. Delete ACL (this will be updated later) [screenshot]

5. Security Debugger Logs

Hi Kunal,

Seems strange. Did you check for any onLoad client script or UI policy which is making it read-only?

Regards

Ankur

