ACL that grants read / update permission to only the assigned record

kazuki_karaki
Kilo Explorer

I am trying to define an ACL for problem management as follows.

· If "Smith" is entered in the "assigned_to" field, Smith can have authority to read / update that record

· Conversely, if "Smith" is not entered in the "assigned_to" field, Smith cannot have the right to read / update that record

I think that such ACLs will be possible with control that limits the privileges of users granted the "itil" role.

However, I have to grant record access authority for problem management to the user equivalent to "requester".

I want a hint for defining an ACL with such a premise.


1 ACCEPTED SOLUTION

Abhishek77
ServiceNow Employee

Hi,

Read ACL is different and the update is different. You want to restrict the user to read or write or both? If you want to restrict both read and write, please create a read ACL and a write ACL.

If you don't want a user to read a record if it is not assigned to him, then use a read ACL on that table and compare the user ID with the assigned to field.

Something like this:

// Scripted read ACL on the problem table: allow access only to the assignee.
var user = gs.getUserID();                        // sys_id of the logged-in user
var assignedTo = current.getValue('assigned_to'); // sys_id string of the assignee (null if empty)
if (user == assignedTo) {
    answer = true;
} else {
    answer = false;
}


But my question is: if you want to read/write only if the record is opened by the assigned to user, then what if the assigned to field is empty? Then no one would have access to read/write the record. So use a particular role, or keep the whole record open to everyone if the assigned to is empty.

Mark the answer as Correct/Helpful based on its impact.
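The empty-assignment gap the answer points out, handled with the role fallback it suggests. This is an added example, not code from the thread or from ServiceNow: the ACL decision is written as a pure function over plain objects so it runs offline, with `record` and `user` standing in for `current`, `gs.getUserID()` and `gs.hasRole()`; the role name `problem_manager` and all sample sys_ids are placeholders.

```javascript
// Added example: decision logic for a scripted read/write ACL on the problem
// table. `record`/`user` are plain-object stand-ins for the ServiceNow globals
// (assumption); the ACL wiring is sketched in the comment below decideAccess().

// Role allowed to open unassigned records. Placeholder name: the thread only
// says "use a particular role".
var FALLBACK_ROLE = "problem_manager";

function decideAccess(record, user) {
  var assignedTo = record.assigned_to || ""; // assignee sys_id, "" when the field is empty
  if (assignedTo === "") {
    // Unassigned record: without this branch nobody could ever read or update
    // it, which is the failure mode the answer describes.
    return user.roles.indexOf(FALLBACK_ROLE) !== -1;
  }
  // Compare sys_id strings, never the GlideElement object itself.
  return assignedTo === user.sys_id;
}

// Inside the real ACL script the call would look like this (ServiceNow globals):
//   answer = decideAccess(
//     { assigned_to: current.getValue("assigned_to") || "" },
//     { sys_id: gs.getUserID(),
//       roles: gs.hasRole(FALLBACK_ROLE) ? [FALLBACK_ROLE] : [] }
//   );

// Constructed sample data for offline demonstration (not real sys_ids).
var SAMPLE_RECORDS = {
  assignedToSmith: { assigned_to: "smith_sys_id" },
  unassigned:      { assigned_to: "" }
};
var SAMPLE_USERS = {
  smith:   { sys_id: "smith_sys_id", roles: ["itil"] },
  jones:   { sys_id: "jones_sys_id", roles: ["itil"] },
  manager: { sys_id: "mgr_sys_id",   roles: ["itil", "problem_manager"] }
};
```

Note that this only decides access for records the user would otherwise reach through the itil role; a separate read ACL and write ACL still need to call it, as the answer says.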
