ACLs for the same fields

Lana2xp
Tera Contributor

What happens if there are two ACLs for the same field or table, for the same roles, but one allowing access and another denying?

1 ACCEPTED SOLUTION

Chuck Tomasi
Tera Patron

Hi Elaine,



Once access is granted, it is available. It doesn't matter how many other ACLs say "Deny". By default, the system starts with a deny model and you create ACLs to entitle people to certain things (e.g. create a record, or write to a field.)



Docs: Access control rules


Docs: Contextual security  


Security Best Practices - ServiceNow Wiki



5 REPLIES

Hi Chuck!! Thank you very much


You are very welcome.


If I have answered your question, please mark my response as correct so that others with the same question in the future can find it quickly and that it gets removed from the Unanswered list.



If you are viewing this from the community inbox you will not see the correct answer button. If so, please review How to Mark Answers Correct From Inbox View.



Thank you


randrews
Tera Guru

Keep in mind you also have table-level rules, not just field rules. To access a field you have to get a single yes from any table rule and a single yes from any field rule, BOTH.

So if I am trying to modify a field and there are 3 table rules, 2 deny and 1 allows, I have access to the table.

If there are 5 ACLs on the field, 3 deny and 2 allow, I have access to the field.

Since BOTH are true, I have access. Had either table or field failed, I would not have access.
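
The rule the replies above describe (one passing ACL at the table level and one at the field level, no matter how many others fail), modelled as an added JavaScript example that is not part of the original thread and is not ServiceNow's own code. The rule objects, role assignments and function names are constructed for illustration, and the model assumes a level with no matching rule grants nothing.

```javascript
// Simplified model of the rule stated in this thread; not ServiceNow code.
// Rule objects, role assignments and function names are hypothetical.

// Constructed sample ACLs: 3 table rules and 5 field rules on "priority".
// A rule passes for a user who holds any of its roles; a rule the user
// does not pass counts as a "deny" for that user.
const sampleAcls = [
  { name: 'incident', operation: 'write', roles: ['admin'] },
  { name: 'incident', operation: 'write', roles: ['security_admin'] },
  { name: 'incident', operation: 'write', roles: ['itil'] },
  { name: 'incident.priority', operation: 'write', roles: ['admin'] },
  { name: 'incident.priority', operation: 'write', roles: ['security_admin'] },
  { name: 'incident.priority', operation: 'write', roles: ['catalog_admin'] },
  { name: 'incident.priority', operation: 'write', roles: ['itil'] },
  { name: 'incident.priority', operation: 'write', roles: ['itil', 'approver_user'] },
  { name: 'incident.work_notes', operation: 'write', roles: ['admin'] },
];

// Evaluate one level: a single passing rule grants, however many others fail.
// Model assumption: no matching rule at a level means nothing is granted there.
function evaluateLevel(acls, name, operation, user) {
  const matching = acls.filter((a) => a.name === name && a.operation === operation);
  const granting = matching.filter((a) => a.roles.some((r) => user.roles.includes(r)));
  return {
    name,
    total: matching.length,
    grantedBy: granting.length,
    allowed: granting.length > 0,
  };
}

// Field access needs a grant at the table level AND at the field level.
function canAccessField(acls, table, field, operation, user) {
  const tableResult = evaluateLevel(acls, table, operation, user);
  const fieldResult = evaluateLevel(acls, `${table}.${field}`, operation, user);
  return {
    allowed: tableResult.allowed && fieldResult.allowed,
    table: tableResult,
    field: fieldResult,
  };
}

// Constructed users for an access review of the sample rules.
const itilUser = { roles: ['itil'] };
const approverOnly = { roles: ['approver_user'] };

console.log(canAccessField(sampleAcls, 'incident', 'priority', 'write', itilUser));
console.log(canAccessField(sampleAcls, 'incident', 'work_notes', 'write', itilUser));
console.log(canAccessField(sampleAcls, 'incident', 'priority', 'write', approverOnly));
```

When reviewing why a user can write to a field, the `grantedBy` counts show which level let them through; adding another rule the user fails does not reduce access in this model.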