- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2019 06:04 AM
both data policy and acl are server side..
both restricts access to data,
what is the major difference between those?
with examples pls?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-08-2019 12:24 AM
If you have some field as Mandatory on UI end or client browser, does not mean that it is mandatory at Database as well.
eg, lets say caller is mandatory while creating an incident when you open incident form, but you can bypass that mandate which are enforce at client or UI or browser end if you try to create incident record using GlideRecord server side code
var gr = new GlideRecord("incident");
gr.insert();
This piece of code above will create incident record even though if you dont provide caller as input. To avoid this at database or server level, data policy can be created.
Once data policy is created, you wont be able to submit incident without providing caller inforamtion both at UI ( client side ) level as well as Server ( GlideRecord API or Database level )
Note: Please mark reply as correct / helpful if it has answered your original question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2019 10:19 AM
Data policy ensures validation during record being updated or created even via API. This is for data consistency.
Example, you can update or create a record using GlideRecord even if "user" does not have access for updating the record, this happens via GlideRecord API. Inshort, GlideRecord bypasses the ACLs ( unless you use GlideRecordSecure )
When it comes to data policy, it ensures that transaction should satisfy the policy condition, if it does not, it wont create or update the record.
Note: Please mark reply as correct / helpful if it answers your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2019 10:58 PM
so y do we use data policy we can use acl right?
since acl can perform all the operation as data policy
can you explain with the scenario
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2019 11:47 AM
Hi,
Data Policies are an effective means of controlling a few fields, and is probably the best way to ensure that a field has a value on the server before a record can be inserted or updated. When it comes to ensuring that a field (or a table) is fully inaccessible to users without a certain role however, ACLs are the way to go.
ACLs, short for Access Control Lists and otherwise known as Security Rules, are another means by which you can control access to elements within ServiceNow. They can serve much the same function as Data Policies, and a great deal more.
One major difference between Data Policies and ACLs, is that ACLs are script able. This allows for a great degree of flexibility functionality of ACLs
You can access the list of ACLs on a given table in the same way you'd access many other customisation's: either by right-clicking the form header, or through the hamburger menu at the top-left of the list view, and then clicking on Customise, and then Security Rules.
Please mark correct /helpful if it helps for you.
Regards,
Pooja
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2019 10:57 PM
so y do we use data policy we can use acl right?
since acl can perform all the operation as data policy
can you explain with the scenario
