Writable field on Incident is ReadOnly for all users except Admins

Go to solution
Tom L Logan
Mega Expert

‎12-27-2018 11:30 AM

Hello,

I have created a UI Policy to make fields Read Only when incident is closed with the exception of one field.  For some reason the field I excluded from the UI policy is only writable if you are logged in as Admin.  I have not configured any ACLs for this so not quite sure why this is happening.

I read a post where someone mentioned an out of box ACL for incident.*.  Can someone shed a little more light on this OOB ACL and how it can cause my issue?   I will like this issue resolved since the goal is to allow every one write to the field not just Admin.  Thanks for your assistance.

Labels:
0 Helpfuls
  • 3,980 Views
1 ACCEPTED SOLUTION

Go to solution
Tom L Logan
Mega Expert
In response to Inactive_Us1957

‎01-14-2019 09:21 AM

To fix this, I had to create an incident table write ACL that allowed ITIL write permission to incident table and then used the RCA_Status ACL to allow ITIL users write access to that specific field.  Same as needing a key to get in the building before getting in your office. Thanks for your assistance.

View solution in original post

0 Helpfuls
14 REPLIES 14

Go to solution
Coleton
Kilo Guru

‎12-27-2018 11:35 AM

If there's an ACL that's protecting a field and you want to prevent even Admins from having the ability to modify it, find the ACL protecting the field modifications and remove 'Admin Override'. It's a checkbox that you can modify when elevating your security privileges (Security Admin role).

As for the incident.* ACL, that means it's protecting the ability to modify all fields on the incident records. Have you worked with ACL's before?

0 Helpfuls

Go to solution
Tom L Logan
Mega Expert
In response to Coleton

‎12-27-2018 12:02 PM

I will like one field to be writable when the incident is closed this is the reason I deployed UI Policy.  But I am noticing that the field is writable only for Admins.  My goal is to make it writable for Admins and ITIL users.

0 Helpfuls

Go to solution
Coleton
Kilo Guru
In response to Tom L Logan

‎12-28-2018 09:08 AM

Then in that ACL, have a condition that checks if the current record is closed. If it is, then allow for the user to write to that field. In addition to that, you'll want to add the ITIL role requirement. I would disable the OOTB ACL and duplicate it to make your modifications. You don't want to modify OOTB records, if you can avoid it.

Let me know if this answers your question by marking it correct. Thanks.

 

0 Helpfuls

Go to solution
Jim Coyne
Kilo Patron

‎12-27-2018 11:47 AM

You shouldn't need the UI Policy at all, as this OOB Access Control record only gives users with the "itil" role access to write to the record  if the "Incident state" field is NOT "Closed" or "Cancelled":

https://instancename.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=66ec26370a0a0b0100a67b...

Change "instancename" to your instance name, of course.

Now, this depends on your version and if any changes were made.  And when you say "everyone", do you really mean "everyone", or just users with the "itil" role?  And maybe the user who originally created the Incident and the Caller (like the OOB rules allow)?