Restrict update of sys_user record from users with ITIL role
‎05-03-2023 04:52 AM
Hi Everyone,
My requirement is to restrict the update of sys_user records for users of a certain group (the users of this group cannot write on a user record). There were two field-level ACLs I came across (please see attached image).
ACL 1:
ACL 2:
When I made changes in the script of the second ACL, it works fine for other field-level ACLs on the sys_user table,
but since there are two ACLs for this field, ACL 1 is overriding this and granting write access to users with the ITIL role.
How do I restrict the write access of users from a particular group even if they have the ITIL role?

‎05-03-2023 04:37 PM
If you don't want all ITIL users to update the user record, only for the special group, you can remove the "ITIL" role and add the following script to the ACL script. Ensure you copy the OOTB ACL to make this change.
‎05-03-2023 09:58 PM
Hi @Kartikey_05 ,
Your idea of creating 2 ACLs is good, but the ACLs you created don't go well with your requirement.
Please follow the solution: https://www.servicenow.com/community/itsm-forum/restrict-itil-user-from-change-a-user-s-profile/m-p/...
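
The behaviour described in the question, as an added example that is not part of any post in this thread: a constructed JavaScript model of how several allow-type write ACLs on the same field combine (a rule needs its role and its script to pass, and any one passing rule grants access). The rule contents, the sample users and the group name `Restricted Group` are assumptions, since the thread's screenshots are not available; inside a real ACL script the group check would be written as `answer = !gs.getUser().isMemberOf('Restricted Group');`.

```javascript
// Constructed model of ACL evaluation for one field and operation
// (a sys_user field, write). Not ServiceNow platform code.
// A rule passes only when its role requirement AND its script pass;
// when several rules match, passing ANY one of them grants access.
function rulePasses(rule, user) {
  const roleOk = rule.roles.length === 0 ||
    rule.roles.some((role) => user.roles.includes(role));
  return roleOk && rule.script(user);
}

// Names of the rules that grant access; an empty list means denied.
function grantingRules(rules, user) {
  return rules.filter((rule) => rulePasses(rule, user)).map((rule) => rule.name);
}

function canWrite(rules, user) {
  return grantingRules(rules, user).length > 0;
}

// Hypothetical group name (assumption, not from the thread).
const RESTRICTED_GROUP = 'Restricted Group';
const notRestricted = (user) => !user.groups.includes(RESTRICTED_GROUP);

// As in the question: only ACL 2 got the group check, ACL 1 still
// grants on the itil role alone. Role lists are assumptions.
const onlyAcl2Scripted = [
  { name: 'ACL 1', roles: ['itil'], script: () => true },
  { name: 'ACL 2', roles: ['itil'], script: notRestricted },
];

// Every matching write ACL carries the group check.
const bothScripted = [
  { name: 'ACL 1', roles: ['itil'], script: notRestricted },
  { name: 'ACL 2', roles: ['itil'], script: notRestricted },
];

// Constructed sample users.
const restrictedItil = { roles: ['itil'], groups: [RESTRICTED_GROUP] };
const otherItil = { roles: ['itil'], groups: ['Service Desk'] };

console.log('granted by:', grantingRules(onlyAcl2Scripted, restrictedItil));
console.log('restricted user, both scripted:', canWrite(bothScripted, restrictedItil));
console.log('other itil user, both scripted:', canWrite(bothScripted, otherItil));
```

When auditing a restriction like this, list every ACL that matches the field and operation and confirm none of them can pass for the restricted group, because a single permissive rule is enough to grant access.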