Hierarchy of Client Script, UI Policy and Business Rule and ACL

ruzzty06
Tera Expert

Does anyone know the hierarchy, say ACL says read/write, then i have a script to say readonly. What will apply? Same with others, UI Policy and Client Script, what will be applied.

10 REPLIES 10

palanikumar
Mega Sage

Hi,



They all are created for different purpose. Don't get confused with each other.



ACL - Purpose of this is to ensure what data users can access and how they can access it


Client Script - This is for Client side (or browser side) validataion. Client side validation includes, making a field mandatory, readonly, hidden etc. This will get applied only at the browser.


UI Policy - This is similar to Client Script, except that not need to write a script


Business Rule. This script runs at the server side when a form Insert, Update etc. This can do some action that can be acheived only by running from Server.


Thank you,
Palani

Yes i know, but I can basically do some same things using those. So i can make a field read only by using ACL, Client script, and ui policy. So if each 3 has its implementation of readability/writability of the given field, which will be applied? That is my question, which will take over?


ACL will have a higher precedence. If a field is made read only using ACL, it you can't wirite by any way.



Client Script and UI Policy will get applied based on the order you have choosen. Please note that even if you restricted a field using Client Script / UI Policy you have multiple ways to write (eg, you can do it using List view, backend script, or a different view etc). But ACL is global.


Thank you,
Palani

The SN Nerd
Giga Sage
Giga Sage

Field State (Mandatory,Visible, Read only) is generally applied in the following order of preference, where one is the top preference:


  1. ACL (Visible/Disabled)
  2. Dictionary Entry (Mandatory/Disabled)
  3. UI Policy (Mandatory/Visible/Disabled)
  4. Data Policy as UI   (Mandatory/Disabled)
  5. Client Script (Mandatory/Visible/Disabled)


Examples:


If the user does not have write access to a field (ACL), a UI Policy to make it editable will do nothing.


If a field is set to disabled on a Dictionary Entry, a UI Policy to make it mandatory or editable disabled will do nothing.


If a field is made read only by a Client Script, a UI Policy to make it editable will take preference.


3,4 or 5 may be variable based on order.



There may be some exceptions but this is generally the rule of thumb.


Nothing trumps ACL regardless of the circumstance.



ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022