Assignment group members can edit respective incident. For other users incident should be read only

abc1233
Tera Contributor

Only Assignment group members can edit respective incident. For other users incident should be read only except worknotes; worknotes should be editable to all itil users. Please give me a "Deny Unless" ACL, because if I'm trying to create a normal ACL, because of OOB ACLs my ACL is not working.

1 ACCEPTED SOLUTION

Anand__99
Kilo Sage

Hi @abc1233 ,

 

You need to create two Deny Unless ACLs to achieve this:

1) Create a Deny Unless ACL on write operation

Make sure you are not creating it on the table but on field level - incident.*

If you create incident.none, it is going to restrict write access to all records which do not satisfy the condition; it's not going to check for your field-level ACL.


2) Create a Deny Unless ACL on write operation to allow adding work notes


If this solves your query mark this as correct/helpful.

 

Thanks

Anand


11 REPLIES

Tanushree Maiti
Tera Patron

Hi @abc1233 

 

To achieve this requirement, you can create a Deny Unless Write ACL on the Incident table and another on the work_notes field. Because Deny Unless ACLs are evaluated with higher precedence than standard ACLs, they can be used to enforce your custom access criteria and effectively override the default OOB write access behavior.

 

  1. Table level deny ACL
  • Type: record
  • Operation: write
  • Name: Incident [incident]
  • Decision Type: Deny unless
  • Condition: Assignment group is dynamic One of my groups // update condition as per your requirements.

// Unassigned incident: there is no group to check against, so pass.
if (current.assignment_group.nil()) {
    answer = true;
} else {
    // Pass only if the current user belongs to the incident's assignment group.
    answer = gs.getUser().isMemberOf(current.assignment_group);
}

 

  2. Field level deny ACL
  • Type: record
  • Operation: write
  • Name: Incident [incident] -> Select work_notes from the field dropdown.
  • Decision Type: Deny unless
  • Roles: itil

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
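
The difference between the two setups proposed in this thread (Deny Unless on incident versus on incident.*), as an added example that is not code from any poster or from ServiceNow. It is a simplified JavaScript model that assumes a record-level ACL must pass before field ACLs are considered, that the most specific field ACL name wins, and that existing Allow If ACLs grant itil users write; user and group names are constructed.

```javascript
// Simplified model (an assumption, not ServiceNow's ACL engine).
// Constructed sample data: user and group names are made up.
const users = {
  member:    { roles: ['itil'], groups: ['network'] },
  otherItil: { roles: ['itil'], groups: ['database'] },
};
const incident = { assignment_group: 'network' };

// Requirement from the thread's script: empty group passes, else membership is needed.
const inAssignmentGroup = (user, rec) =>
  !rec.assignment_group || user.groups.includes(rec.assignment_group);
const hasItil = (user) => user.roles.includes('itil');

// Each setup maps an ACL name to the requirement of its Deny Unless write ACL.
const tableLevelSetup = {   // ACL on incident (record level) + incident.work_notes
  'incident': inAssignmentGroup,
  'incident.work_notes': hasItil,
};
const fieldLevelSetup = {   // ACL on incident.* + incident.work_notes
  'incident.*': inAssignmentGroup,
  'incident.work_notes': hasItil,
};

function canWrite(setup, user, rec, field) {
  // Assumption: the existing Allow If ACLs give write access to itil users only.
  if (!hasItil(user)) return false;
  // Record-level Deny Unless ACL must pass before any field ACL matters.
  const recordAcl = setup['incident'];
  if (recordAcl && !recordAcl(user, rec)) return false;
  // Field level: incident.<field> is matched before the incident.* wildcard.
  const fieldAcl = setup['incident.' + field] || setup['incident.*'];
  return fieldAcl ? fieldAcl(user, rec) : true;
}

// Who can write which field on the sample incident under a given setup.
function accessMatrix(setup) {
  const out = {};
  for (const [name, user] of Object.entries(users)) {
    out[name] = {
      short_description: canWrite(setup, user, incident, 'short_description'),
      work_notes: canWrite(setup, user, incident, 'work_notes'),
    };
  }
  return out;
}

console.log('table-level setup', accessMatrix(tableLevelSetup));
console.log('field-level setup', accessMatrix(fieldLevelSetup));
```

Under this model the table-level setup leaves work_notes read-only for an itil user outside the assignment group, while the incident.* setup lets the work_notes ACL decide. The empty-group branch of the script also means an unassigned incident is writable by any itil user, which is worth checking against the requirement.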

Hi @Tanushree Maiti 

I tried this but worknotes are still not editable

Did you clear your cache or log out/in again after creating the ACLs?


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

@Mark Manders yes, I did