ACL

HameetK · 3 weeks ago

Hi,
I have a parent table with default ACLs (CRUD) grating access for role 'u_test'. There is a child table inheriting from parent table with default ACLs (CRUD) grating access for role 'u_test1'.
However, parent table has one extra [parent.*] ACL grating access for role 'u_test'.

User with 'u_test1' role is not able to see any fields (not even child table fields) on the child table.
Is [parent.*] ACL restricting the field on child table? If yes, please elaborate.

Tanushree Maiti · 3 weeks ago

In ServiceNow, parent-level wildcard (.*) ACLs apply to all fields on the parent table AND inherited tables (child tables).
Since the user at child-level lacks u_test, they fail the parent wildcard check, denying field access even if the child table has its own CRUD rules.

Possible fix could be

1. Add a child.* ACL //overrides the inherited parent.* restriction for the child table

OR

2. Add u_test1 to the parent.* ACL

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

HameetK · 3 weeks ago

Hi @Tanushree Maiti
So, will the parent-level wildcard (.*) also restrict the fields on the child table?

Tanushree Maiti · 3 weeks ago

Yes , it restricts.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

Vishal Birajdar · 3 weeks ago

Hi @HameetK

You can use Access Analyzer and check which ACL is blocking the access.

Vishal Birajdar
ServiceNow Developer

I know one thing, and that is that I know nothing.
- Socrates