I want to show field data to users for custom role

Sriram Pusuluri
Tera Contributor

3 weeks ago

Hi Team,

 

I have catalog form, where one variable is reference to cmdb_ci table, for that table user is not having access, so that he is not able to view any record on that table, it is showing as empty.

 

for this I have created a read ACL, and I have given role as my custom role, and condition is cmdb_ci.name

 

SriramPusuluri_0-1778158771197.png

 

we have added role to that user, still data is not showing.

 

user is having record assigned in cmdb_ci table

 

 

0 Helpfuls
  • 951 Views
15 REPLIES 15

Sriram Pusuluri
Tera Contributor
In response to Ankur Bawiskar

a week ago

@Ankur Bawiskar 

 

I have created Read ACL, I have impersonated with that user, user is having read access to cmdb_ci table, but when it comes to catalog item, record is not showing.

 

I have deactivated Read ACL, I have checked with user, it is showing security constraints message.

 

For Catalog Item is available to all users.

0 Helpfuls

Ankur Bawiskar
Tera Patron
In response to Sriram Pusuluri

a week ago

@Sriram Pusuluri 

did you debug by using debug security rules and see which ACL is failing?

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Tanushree Maiti
Giga Patron

3 weeks ago

Hi @Sriram Pusuluri 

 

With your field level Read ACL, just check if you have Read cmdb_ci.*  ACL is  in place or not  (to ensure the actual data within the columns is visible) , If not, you may require it. 

 

 

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls

GlideFather
Tera Patron

3 weeks ago

Ahoy @Sriram Pusuluri,

 

the best thing you can do is to access the Analyse Permissions:

https://yourinstance.service-now.com/now/access-management/access-analyzer/params/selected-tab-index/0

 

GlideFather_0-1778163415174.png

 

You can select a table and a field and to see how it is evaluated per given user. You can evaluate this in general level or on a particular record (optional) as there might be different ACLs applied according to the inserted data for example.

 

So if you would use this tool, give it a few seconds it takes a bit to complete but then you will see what was blocked, passed or skipped and it tells you whether it was passed/blocked due to conditions, role or script.

 

GlideFather_1-1778163610328.png

 

GlideFather_2-1778163613805.png

 

You can also compare access between two people or two roles. Many things to play around to better understand what's required to grant the access correctly.

 

In my opinion, this is one of the most undervalued tools in ServiceNow 

_____
Answers generated by GlideFather. Check for accuracy.

0 Helpfuls

Sriram Pusuluri
Tera Contributor
In response to GlideFather

2 weeks ago

Hi @GlideFather 

 

I run this filter, below what i got

 

SriramPusuluri_0-1778677128264.png

 

0 Helpfuls