ACL on custom table in scoped application not working

kunal16 · ‎01-29-2020

Hi All,

I have create a new custom table 'Allegations' in Human Resources: Core application which is associated to Employee Relations table (there is a reference field on Allegations that refers to Employee Relations table).

The requirement is users with role 'sn_hr_core.employee_relations' should be able to create records in Allegations table. Now, I updated the ACLs (created during table creation for Allegation) and added the role 'sn_hr_core.employee_relations' on the Create operation, but still users with that role are unable to submit any record in Allegations table as all the fields are read-only for them.

Note: All the other ACLs (CRUD) have the role 'sn_hr_core.employee_relations' added to them.

Any help will be appreciated.

Thanks in advance!

Christian Prob2 · ‎01-29-2020

So if you create a 'create' ACL for sn_hr_core_allegation.* for your role it will work.

There is an ootb box create ACL "*.*" which prevents writing into fields at creation.

You can then still control update access through appropriate fields level 'write' ACLs as needed.

The only risk I see is that a user could manipulate the "created_on" and "created_by" fields - **IF** you have them on the form and show them.

Mark ✅ Correct if this solves your issue and also mark 👍 Helpful if you find my response worthy based on the impact.

Hope that helps, Christian

View solution in original post

Ankur Bawiskar · ‎01-29-2020

Hi Kunal,

Seems the attachment is missing

Regards

Ankur

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

kunal16 · ‎01-29-2020

+Attachment

kunal16 · ‎01-29-2020

Seems some issues with adding the attachments, pasting the screenshots here itself

1. Create ACL

2. Read ACL

3. Write ACL

4. Delete ACL (this will be updated later)

5. Security Debugger Logs

Ankur Bawiskar · ‎01-29-2020