ACL - Best Practices Tips

Luiz Lucena
Mega Sage

Hi friends,

Was trying to find a doc or page with best practices regarding ACLs but could not find any match.

Let's say we have an ACL that allows users with the ITIL role to read the content of a certain table, at row read level as well.

Then we need to create another role for another team, which won't have the ITIL role, but they would need read-only access to the same table and criteria.

Can we add that additional role to the ACL or should we create a new ACL?

Best practices tips, please.

Thanks in advance,

3 REPLIES

Dikshmalik
Tera Contributor

Please check the below link - https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/administer/contextual_security/co...

WIKI is no longer supported! Press correct/help if it helped!

Regards,
Diksh


paulcurwen_pgds
Tera Contributor

Hi Luiz,

Yes, you can just add the other role to the read ACL; that is 'common practice' and keeps it simple. However, with ServiceNow there are multiple ways of cooking up the solution, and you may wish to do this in another specific ACL if you think in the future you would want it to be more granular, or you may want to deactivate the ACLs individually for any reason.


Luiz Lucena
Mega Sage

Thanks, guys.

In our case, the ACL in question has a condition and it should evaluate to True. However, after we added the new role to that ACL, the condition started to evaluate to False even though it is True.

The condition is under a custom Catalog Item that we use for both HR and IT folks: if the user has the HR role, they should see only the SCTASKs associated with their role.

IT should see all SCTASKs, except those that contain the HR application name.

As a test, I just hit the save button (did not change anything else), and the ACL started to return False for the condition.

Debugging the security only said: (Condition: Return = False), and when clicking the link to the sctask, it says: User is not allowed to see the table: sc_task;
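The two designs discussed in this thread (one read ACL carrying both roles versus one ACL per team) and the HR/IT split described in the follow-up, written out as an added example; this is not code from the thread or from ServiceNow. It is ServiceNow-style ES5 so it could be pasted into an ACL script field, but `gs` and `current` are stand-ins built inline so it also runs under Node. The role name `hr_agent`, the application name `HR Services`, and the choice of the catalog item name as the field that "contains the HR application name" are assumptions; `itil` is the platform's ITIL role. The evaluator mirrors how the platform checks one rule (roles, then condition, then script, all must pass) and reports which part failed, which is the same split the security debugger output in the last post is showing.

```javascript
'use strict';

// Constructed stand-ins for the server-side globals an ACL script sees on the platform.
// gs.hasRole() and current.getDisplayValue() are real platform calls; the user and record
// behind them here are toy objects so the file runs offline under Node.
function makeGs(userRoles) {
  return { hasRole: function (role) { return userRoles.indexOf(role) !== -1; } };
}
function makeCurrent(fields) {
  return { getDisplayValue: function (f) { return fields[f] === undefined ? '' : String(fields[f]); } };
}

// Assumed names (not from the thread): the HR team's role and the HR application name
// that marks an SCTASK as HR's. 'itil' is the platform's ITIL role.
var IT_ROLE = 'itil';
var HR_ROLE = 'hr_agent';
var HR_APP_NAME = 'HR Services';

// Assumed: an SCTASK "contains the HR application name" when its catalog item name does.
function isHrTask(current) {
  return current.getDisplayValue('cat_item').indexOf(HR_APP_NAME) !== -1;
}

// Row-level read script for sc_task in the shape an ACL script body takes:
// set answer to true to grant. HR sees only HR tasks; IT sees everything else.
function sctaskReadScript(gs, current) {
  var answer = false;
  if (gs.hasRole(HR_ROLE)) {
    answer = isHrTask(current);
  }
  if (!answer && gs.hasRole(IT_ROLE)) {
    answer = !isHrTask(current);
  }
  return answer;
}

// One ACL rule passes only when the user holds at least one listed role AND the
// condition is true AND the script sets answer to true. failedAt names the first
// part that rejected, which is the part the security debugger points you at.
function evaluateAcl(acl, gs, current) {
  var hasRole = acl.roles.length === 0 ||
    acl.roles.some(function (r) { return gs.hasRole(r); });
  if (!hasRole) return { allowed: false, failedAt: 'roles' };
  if (acl.condition && !acl.condition(current)) return { allowed: false, failedAt: 'condition' };
  if (acl.script && !acl.script(gs, current)) return { allowed: false, failedAt: 'script' };
  return { allowed: true, failedAt: null };
}

// When several rules of the same type and operation match a record, passing any one grants.
function canRead(acls, gs, current) {
  return acls.some(function (acl) { return evaluateAcl(acl, gs, current).allowed; });
}

// Design 1 (the 'common practice' reply): one read ACL with both roles, split done in the script.
var singleAcl = [{ roles: [IT_ROLE, HR_ROLE], condition: null, script: sctaskReadScript }];

// Design 2: one ACL per team, each with its own role and condition and no script.
// Either can be deactivated or tightened on its own without touching the other.
var splitAcls = [
  { roles: [IT_ROLE], condition: function (c) { return !isHrTask(c); }, script: null },
  { roles: [HR_ROLE], condition: function (c) { return isHrTask(c); }, script: null }
];

// Constructed sample users and records.
var itUser = makeGs([IT_ROLE]);
var hrUser = makeGs([HR_ROLE]);
var noRoleUser = makeGs([]);
var hrTask = makeCurrent({ cat_item: 'HR Services - Onboarding' });
var itTask = makeCurrent({ cat_item: 'Laptop Request' });

// Both designs must agree on every user/record pair; returns true when they do.
function designsAgree() {
  var users = [itUser, hrUser, noRoleUser];
  var tasks = [hrTask, itTask];
  return users.every(function (u) {
    return tasks.every(function (t) {
      return canRead(singleAcl, u, t) === canRead(splitAcls, u, t);
    });
  });
}

// Which part of a rule rejected a given user on a given record.
function whyDenied(acl, gs, current) {
  return evaluateAcl(acl, gs, current).failedAt;
}
```

The point of `whyDenied` is the reading of the debugger line in the last post: a "Condition: Return = False" on a rule is reported per rule, so with the split design an HR user hitting an IT task fails the IT rule at `roles` and the HR rule at `condition`, and it is the HR rule's condition that then needs inspecting. With the single-rule design the role check passes for both teams and the whole decision moves into the script, so a deny shows up under the script rather than the condition.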