ACLs

vodnalar26 · yesterday

Hello Everyone,

I have a query regarding ACL behavior in ServiceNow.

I created a custom table and configured field-level ACLs. I granted access to a specific custom role and assigned that role to a custom user. When I impersonate that user, everything works as expected — the user can see the table and its fields properly.

However, when I impersonate another user who does not have the custom role, the table access is denied (as expected). But surprisingly, the user can still see the form layout of the custom table, although no fields are visible.

My question is:

If the user does not have the required role and table access is denied, why is the table form still visible (without fields)?
Is this expected behavior? Do I need to create a table-level ACL explicitly to prevent the form from being displayed?

Ankur Bawiskar · 2 hours ago

@vodnalar26

that's expected behavior.

Table level READ ACL will restrict records i.e. record visibility

With only field level ACLs, this will happen.

Always recommended to restrict records using Table.None ACL

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

abbasshaik4 · 2 hours ago

Hello @vodnalar26,

Operation: Read
Name: your custom table

Field: None

Yes, i try to create the table.none acl.

If it is helpful, please mark it as helpful and accept the correct solution by referring to this solution in the future it will be helpful to them.

Thanks & Regards,

Abbas Shaik