ACLs and Views - having trouble getting specific fields to show in ESS view
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-22-2012 08:19 AM
We have just recently started using the ESS homepage for our clients to be able to view their own Incidents and Requests. Currently, when they launch a record from their homepage, the Incident form is locked down. I would like to be able to allow clients to add Comments from the form, and see their comments in the Activity log as well. But, I can't seem to get the field to show up. All I get is the label. I added ACL for read/write/create and set the condition: caller_id = javascript:gs.getUserID()
But, when I impersonate an ESS user, I still can't see or edit the Additional Comments field. What am I missing? Is there something else, like the view that is locking the form down, so that I can't overwrite that with ACLs? We're still on June 11 version, not on Aspen yet. I know that the ACL stuff is changing, so maybe I should just wait until we upgrade, and then revisit this if I'm going to end up having to change it then.
- Labels:
-
Orchestration (ITOM)
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-23-2012 12:48 PM
ACLs are evaluated from top to bottom starting with * through to the field level. So if you have an ACL on incident.comments it should override the one on task.comments because task is higher level in architecture... I hope that makes sense...
If you want comments field to have the same permissions on all of the tables that extend task, then you would create one ACL on task and not create any ACLs for that field on any other tables, unless they need to be different.
So when you say you've created an ACL for read/write/create what is the name of it? Because it looks like system is applying the *.* ACL for create action.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-23-2012 01:09 PM
I have a Create on the rm_release table. Sorry, thought I'd done it on the Incident table as well, but I started on release. It doesn't work there, either...
I have a Create where role is ITIL, and a Create where requested_by is javascript:gs.getUserID()
But, when I do the debug, the create ones aren't showing up:
Work notes:
record/rm_release.work_notes/read = true (0:00:00.000)
FIELD : task.work_notes/read = true (0:00:00.000)
record/rm_release.work_notes/write = true (0:00:00.000)
ROW : rm_release/write = true (0:00:00.000)
FIELD : task.work_notes/write = true (0:00:00.000)
Additional comments (Customer visible):
record/rm_release.comments/read = true (0:00:00.000)
FIELD : rm_release.comments/read = true (0:00:00.000)
record/rm_release.comments/write = true (0:00:00.001)
ROW : rm_release/write = true (0:00:00.000)
FIELD : rm_release.comments/write = false (0:00:00.001)
FIELD : rm_release.comments/write = true (0:00:00.000)
I'm sure I'm doing this all wrong...I'm not having a lightbulb moment yet on these ACLs, just getting more confused...
Bottom line is that I forsee that we want our customers to be able to enter comments if they can get to the form via ESS homepage. And, they need to be able to review the comments that have been logged in those same records. So, with that being said, can you walk me thru exactly what I'd need to do to get this working? I really appreciate your help on this, I feel pretty stupid that I can't get this figured out on my own.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-23-2012 01:34 PM
Wiki: http://wiki.service-now.com/index.php?title=Using_Access_Control_Rules
There isn't too much info but it is good to start with, if you haven't seen it before.
Another place I would look at would be the Demo, what you are trying to accomplish is already implemented there, which means it should work out of the box. I've attached 3 images to give you an idea of that is there. There are 2 ACLs for comments field because one evaluates on condition and the other one just checks the Roles. Unless you want all three (Condition, Script and Role Required) to evaluate to true with an AND in between you need to create separate ACLs and it will treat those as an OR.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-23-2012 03:04 PM
I did the above, but no matter what I do, the field doesn't show up, just the title of the field. And, the debug icon doesn't show up either, when impersonating Joe Employee. All the other fields, including short description, date fields, etc, all have the debug icon, just not the Comments field. If I log in as any other role, the debug icon, the field, the title are all there. Just not ESS users. I don't understand it. Is there something else locking down the forms besides ACLs? Is it the Self-service view?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-25-2012 09:59 AM
There are several places that Roles can be set for the read/write on the field: ACL, Dictionary, Personalize Security, Client Scripts... The fact that you only see the label and not the field bothers me. And I am not sure how to help you without seeing the system, sorry.
See if you get any JavaScript errors on page load. Do you have any Client Scripts that somehow use/affect this field? Use firebug and see if the entry field gets loaded at all and possibly gets set to hidden by a script...
I have a feeling that it is something simple but I just don't know what... sorry...
