Permissions to remove an item from a related list (via edit) but not delete

scottatah · ‎10-08-2015

Hi Everyone,

We recently built out our Release Management process in ServiceNow and I've been having some issues with a related list that was built for me. At first, our release_v2_admin folks had no "New" or "Edit" buttons. I eventually tracked it down to being missing ACL's on u_m2m_releases_features. I added create, read and write ACL's and solved that issue. Now, users are able to add items to the related list via the Edit button, but they're unable to remove items from the related list. It takes them to the slushbucket window and acts like it'll remove it, but when you click "Save" to exit the slush bucket window, the item is still there.

Adding a 'delete' ACL solves the issue, but that gives them the ability to delete items which I don't want.

Is there a specific ACL to solve this type of issue?

I don't know much about this m2m table stuff, but here's a screenshot of the permissions that helped me get the edit button there in the first place:

vkambham · ‎10-08-2015

Scott,

Your m2m relationship is between Releases and Features, and the relationships are in m2m join tables. Each row of the m2m table captures the relationship. Deleting the m2m row ( done by using the Edit slush-bucket) should only deletes the relationship not the parent Release or Feature. So logically speaking there is nothing wrong in granting "delete" on m2m table.

So when you say "Adding a 'delete' ACL solves the issue, but that gives them the ability to delete items which I don't want." , are you able to delete the feature ?

-venkatesh

View solution in original post

bernyalvarado · ‎10-08-2015

Hi Scott,

I would believe that removing an item from a related list is the same as to delete it. That's why, as you already evidenced, the delete ACL needs to grant access to the users that should be able to remove the items from the list.

One thing you could do is to further customize the delete ACL so that it ONLY grant access to delete records based on a criteria.

Thanks,

Berny

vkambham · ‎10-08-2015

Scott,

Your m2m relationship is between Releases and Features, and the relationships are in m2m join tables. Each row of the m2m table captures the relationship. Deleting the m2m row ( done by using the Edit slush-bucket) should only deletes the relationship not the parent Release or Feature. So logically speaking there is nothing wrong in granting "delete" on m2m table.

So when you say "Adding a 'delete' ACL solves the issue, but that gives them the ability to delete items which I don't want." , are you able to delete the feature ?

-venkatesh

scottatah · ‎10-09-2015

Thanks gents. I think you were both right.

Part of the issue is that I was comparing this to just being able to modify the related list of incidents to change or problems. Folks didn't have the delete feature, but could modify the related lists.

Regardless, after reading your post Venkatesh, I understand that I'm not deleating the feature, but rather just deleting the relationship between a Release and a Feature.

Proof: I added the delete ACL to the appropriate group and then tried deleting a feature via this related list by using the "Actions on selected rows" "Delete" UI Action and it removed it, but I then chose Edit and the item I just deleted was still available to add back. Yay!

So I understand the difference here is that I'm only editing the relationship between the two, not the actual records on either side (still slightly confusing, but makes more sense).

Thanks!!

jimbobtx · ‎11-05-2018

I thought you'd be pleased to know that this thread is still relevant. I had the same question, this sums it up nicely. Thanks!