Is it possible to create permissions that prevent someone from referencing a field

ayano
Giga Guru

Is it possible to create permissions that prevent someone from referencing a field in the Incident table?
For example, is it possible to set it so that a certain user cannot see the Description field of an Incident?

2 ACCEPTED SOLUTIONS

Arun_Manoj
Mega Sage

Hi @ayano ,

Please make a clarity on the given requirement ,

 

1. ACL - Controls data access at the server level,Prevents unauthorized users from reading, writing, or creating field data and Security – always use if you want to truly restrict data access.

arunm1_1-1749615747267.png

 

 

arunm1_0-1749615721443.png

 

 

2. UI Policy - UI Policy to Hide the Field Visually.

This involves using Field-level ACLs for security, and optionally, UI Policies or Client Scripts to improve the user experience.

 

Thanks

Arun

 

 

View solution in original post

Hi @ayano ,

2 ACLs would be required. one is for table level and one is for description field

please share your business requirement in detail we will help you with ACL configuration part

 

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

View solution in original post

5 REPLIES 5

Chaitanya ILCR
Kilo Patron

Hi @ayano ,

yes create a field level ACL (with read acl user will not be able to see the field)
with write the field will be read only for them

 

as you have asked for incident 

you can configure the acl like below

ChaitanyaILCR_0-1749606220733.png

 

for more details on ACL you can refer this video

 

https://www.youtube.com/watch?v=Nym3UXspS4M

 

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

In this video, we take a deep dive into Access Controls (ACLs) in ServiceNow - what they are, how they work, and how to use them to control access to records and fields. I'll show you how ACLs define who can do what to which thing, and walk through real examples using a demo table. You'll learn: *

ankittyagi4
Tera Contributor

Hi @ayano ,

yes create a field level ACL (with read acl user will not be able to see the field)
with write the field will be read only for them

 

as you have asked for incident 

you can configure the acl like below

alternatively you can use deny unless acl if you want to deny to everyone except a specific user.

ayano
Giga Guru

Hi @Chaitanya ILCR san,
Thank you for your answer.
I'd like to ask you more details.

Specifically, what I want to do is as follows.
Can this be implemented with one ACL record? Or do I need to create two ACLs?

- Display records created by a specific member of the Incident table.
- Do not display the description field of the records.

Best Rgards,

Hi @ayano ,

2 ACLs would be required. one is for table level and one is for description field

please share your business requirement in detail we will help you with ACL configuration part

 

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya