Users having Knowledge role should not able to edit Reports.

1_DipikaD
Kilo Sage

3 hours ago

Hi All,

 

I have a requirement that users who have Knowledge role should not able to edit the report. They can view but should not able to edit a particular Report. Should I write ACL for this . I have tried to share the report to the people who have Knowledge role but they still able to edit the report. Please suggest.

 

Thank You

0 Helpfuls
  • 225 Views
2 REPLIES 2

pavani_paluri
Tera Guru

55m ago

Hi @1_DipikaD ,

 

You’re on the right track thinking about ACLs, because sharing a report only controls who can see it, not who can edit it. By default, if a user has the report_admin or similar permissions, they can still edit. The knowledge role itself doesn’t restrict report editing.

ACLs on the `sys_report` table:
Create a write ACL that denies users with the `knowledge` role from editing reports.
Keep the read ACL open so they can still view.
Always enforce restrictions at the ACL level, not just UI, so users can’t bypass it with direct URLs or API calls.

 

Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Pavani P
0 Helpfuls

Tanushree Maiti
Kilo Patron

35m ago - last edited 35m ago

Hi @1_DipikaD 

 

It can be done two ways .

1 Option A: Using ACL (Recommended)

  •  Navigate to your user profile and elevate to security_admin
  • Navigate System Security > Access Control (ACL) and click New.
  • details
    • Type: Record
    • Operation:Write
    • Name: sys_report 
  • Add Condition/Script:
    • In the Condition builder, add a condition that excludes the specific report 
    • like [Specific Report] AND [Users with Knowledge Role]
  • The user will be able to view the report, but the edit/save buttons will be disabled

 

  1. Option B: Using Before-update BR  to stop updates.
  • Create a Before Update Business Rule on the sys_report table.
  • Add condition like current.sys_id == '<Specific_Report_Sys_ID>' && gs.hasRole('knowledge')

(function executeRule(current, previous /*null when async*/) {

    gs.addErrorMessage("You do not have permission to edit this report.");

    current.setAbortAction(true);

})(current, previous);

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls