ACL for all fields except one field

sry
Giga Guru

Hi All,

I got a requirement to give a user the ASSET role, but I should give him a READ ONLY role for all the fields in the CI form except one field, XYZ. I have given the ASSET role, and since they require read only for all the fields I have given the SNC_READ_ONLY role. What shall I do to give WRITE ability to the field XYZ, which exists in every CI form (it could be printers, web servers, Windows, etc.)? Since SNC_READ_ONLY is making all the fields read only and it might be a table-level ACL, it will override any field-level ACL. Any idea on how to make only the field XYZ writable and the rest of the fields read only?

PS: We are using the Fuji version.

Thanking you very much in advance,

SY

1 ACCEPTED SOLUTION

mamann
Mega Guru

You will need to have ACLs similar to those below.

1. A write ACL on Table allowing access
2. A * write ACL on all fields not allowing access
3. A write ACL allowing access to the single field



8 REPLIES

dpr1
Kilo Contributor

Hi Mark,

I tried to replicate the same ACLs on the incident table.
My scenario is: a custom role needs to be established so that users with that custom role should be able to see all the incidents' information in read only; at the same time they should be able to change a few fields on incidents created by them. We tried with the snc_read_only role, but it will give a blanket read on the table by not allowing any fields for write operations, even for the caller of the incident.

Any help would be highly appreciated.


Hi Durga,

Suppose you have a role "incident_custom". Using this, create two write ACLs:

1) Incident(NONE), and put the condition in the script below:


// Table-level write ACL: only users with the custom role pass.
if (gs.hasRole("incident_custom")) {
  answer = true;
} else {
  answer = false;
}



2) Incident(*), with the condition:

// Wildcard field write ACL: users with the custom role are denied.
if (gs.hasRole("incident_custom")) {
  answer = false;
} else {
  answer = true;
}



The third write ACL should be on each field. Suppose I have a field STATE:

3) Incident(STATE) with role "Incident_Custom" in "Requires Role". No condition needed.

Actually, for the first write ACL I think you can use the role in Requires Role without a condition, I guess. I never tried; I just used the above scenario.


bernyalvarado
Mega Sage

Hi, sounds like the following thread could be helpful.



Need to make all the fields on a form read-only except for one.



Thanks,


Berny


Deepak Ingale1
Mega Sage

Hello Srini,



Giving table-level access won't override the field-level access.

You have to have access to both the Row and the Field in order to get a 'True' output from your ACL.



https://community.servicenow.com/community/blogs/blog/2015/01/21/evaluating-acls



Kindly check the above blog to get an idea of how ACLs are evaluated.


There is a simple formula to remember (R || R && F || F).


What does it mean?


If you have two conflicting ACLs at Row level, the output will be True (True || False = True); if you have two conflicting ACLs at Field level, the output will be true. Both your Field-level and Row-level evaluations should return true to get access to the field.



Now, for your requirement, what Mark has suggested will work unless there is any other conflicting ACL which is allowing the user to write on other fields.
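
An added example (not posted by anyone in this thread, and not ServiceNow's own code): a small JavaScript model of how the three write ACLs suggested above combine, and of the conflicting-ACL caveat in the last reply. It assumes a single table with no parent tables and no admin override, that a rule naming the field is evaluated instead of the * rule, and that rules at the same level are OR'ed; canWrite, the sample users and the short_description field are chosen for illustration.

```javascript
// Simplified model of write-ACL evaluation (added example, not ServiceNow code).
// Assumptions: one table, no parent tables, no admin override.
const hasRole = (user, role) => user.roles.includes(role);

// A rule passes when its required role (if any) and its script (if any) both pass.
function aclPasses(acl, user) {
  const roleOk = !acl.role || hasRole(user, acl.role);
  const scriptOk = !acl.script || acl.script(user);
  return roleOk && scriptOk;
}

// Rules at the same level are OR'ed: one passing rule is enough.
const levelPasses = (rules, user) => rules.some((r) => aclPasses(r, user));

function canWrite(acls, user, table, field) {
  const writes = acls.filter((a) => a.table === table && a.op === "write");
  // Row check: table-level rules (field "none"). No passing rule means denied.
  const rowRules = writes.filter((a) => a.field === null);
  if (!levelPasses(rowRules, user)) return false;
  // Field check: a rule naming the field is used instead of the "*" rule.
  const exact = writes.filter((a) => a.field === field);
  const fieldRules = exact.length ? exact : writes.filter((a) => a.field === "*");
  // With no field rule at all, the row decision stands.
  return fieldRules.length === 0 || levelPasses(fieldRules, user);
}

// The three write ACLs from the reply above, for role "incident_custom".
const threadAcls = [
  { table: "incident", field: null, op: "write",
    script: (u) => hasRole(u, "incident_custom") },   // 1) incident (None)
  { table: "incident", field: "*", op: "write",
    script: (u) => !hasRole(u, "incident_custom") },  // 2) incident.*
  { table: "incident", field: "state", op: "write",
    role: "incident_custom" },                        // 3) incident.state
];

// Constructed sample users.
const customUser = { roles: ["incident_custom"] };
const otherUser = { roles: [] };

// A second, conflicting incident.* rule re-opens every field for the role.
const conflictingAcls = [...threadAcls,
  { table: "incident", field: "*", op: "write", role: "incident_custom" }];

console.log(canWrite(threadAcls, customUser, "incident", "state"));
console.log(canWrite(threadAcls, customUser, "incident", "short_description"));
console.log(canWrite(threadAcls, otherUser, "incident", "state"));
console.log(canWrite(conflictingAcls, customUser, "incident", "short_description"));
```

When auditing a setup like this, list every write ACL on the table and its wildcard, since a single extra passing rule at the same level is enough to undo the restriction.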