
Create a custom skill to analyze record and field label ACL for granting access

abhsekpramanik3
Tera Contributor

Hello Guys,

 

I have a requirement to create a custom skill that will be able to analyze all the record and field label ACLs (roles, conditions and scripts inside the ACL) for a particular table and create a summary for granting access.

I created a skill with the below prompt:


# Role

You are a ServiceNow developer. Your task is to analyze and summarize the Access Control List (ACL) rules for the Incident table, including record-level and field-level ACLs, and present the results in a clear, structured format.

## Context

The table being analyzed is the "Incident" table in ServiceNow. You need to examine all active ACLs related to this table, including both record-level and field-level ACLs.

Record-level and field-level ACLs: {{CollectTableAcl.output}}

## Instructions

1. Access the ServiceNow platform and navigate to the Incident table.
2. Retrieve all active ACLs related to the Incident table, including both record-level and field-level ACLs.
3. For each ACL, extract and evaluate the roles required to access the table or field, conditions defined within the ACL, and any scripts configured inside the ACL that further restrict access.

4. Group and summarize the results by access type:

- Read Access
- Write/Update Access
- Create Access

5. If conditions or scripts are present, provide a plain, user-friendly summary explaining the restriction in simple terms.
6. Present the output in a clear, structured format (bulleted list or table) for quick interpretation by end users.

## Output

The output should be a structured summary of the ACL analysis for the 'Incident' table and fields, including the access types, roles, conditions, and scripts, if any. The format should be in plain text, with bullets or tables used for clarity from end user perspective.

 

*** CollectTableAcl.output is the output of a script include used to collect ACL data in the form of an array of objects, like below:


*** Script: [
  {
    "ACL Name": "incident",
    "Operation": "conditional_table_query_range",
    "Type": "record",
    "Active": "true",
    "Condition": "",
    "Script": "",
    "Admin Overrides": "false",
    "Requires Role": "ITSM end user, "
  },
  {
    "ACL Name": "incident",
    "Operation": "conditional_table_query_range",
    "Type": "record",
    "Active": "true",
    "Condition": "",
    "Script": "",
    "Admin Overrides": "false",
    "Requires Role": "sn_si.read"
  },..........


But I received prompt output like the below, which is not aligned with the ACLs or what I desired:


**Access Control List (ACL) Summary for Incident Table**

### Record-Level ACLs

* **Read Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None
* **Write/Update Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None
* **Create Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None

### Field-Level ACLs

* **Short Description Field**
* **Read Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None
* **Write/Update Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None
* **Description Field**
* **Read Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None
* **Write/Update Access**
* Roles: `itil,admin`
* Conditions: None
* Script: None

**Summary:**

* The Incident table has record-level ACLs that grant read, write/update, and create access to roles `itil` and `admin`.
* Field-level ACLs for the Short Description and Description fields mirror the record-level ACLs, with no additional conditions or scripts.
* There are no additional conditions or scripts configured in any of the ACLs, meaning that the access granted is straightforward and based solely on the roles specified.
* This setup provides broad access to the Incident table and its fields for users with the `itil` and `admin` roles, allowing them to read, write, and create records without any additional restrictions.

 

It seems to be a default one only. Can you please help find the issue here? Is this the correct way to feed the existing ACL info to Now LLM for analyzing the ACLs, or should I try something else to achieve it?


Thanks,

Abhisek
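
Added example, not part of the original post and not ServiceNow's own code: a deterministic check that compares the roles named in a generated ACL summary with the roles present in the data that was supplied, so a summary that does not reflect the input is caught before anyone grants access from it. The field names follow the CollectTableAcl.output sample above; the function names, the two-record input and the summary excerpt are constructed for illustration.

```javascript
// Constructed sample input: the two ACL records shown in the post.
const aclRecords = [
  { "ACL Name": "incident", "Operation": "conditional_table_query_range", "Type": "record",
    "Active": "true", "Condition": "", "Script": "", "Admin Overrides": "false",
    "Requires Role": "ITSM end user, " },
  { "ACL Name": "incident", "Operation": "conditional_table_query_range", "Type": "record",
    "Active": "true", "Condition": "", "Script": "", "Admin Overrides": "false",
    "Requires Role": "sn_si.read" },
];

// Constructed sample input: a few lines in the shape of the summary in the post.
const llmSummary = [
  "* **Read Access**",
  "* Roles: `itil,admin`",
  "* Conditions: None",
  "* Script: None",
].join("\n");

// "ITSM end user, " -> ["ITSM end user"]; tolerates trailing commas and blanks.
function splitRoles(value) {
  return String(value || "").split(",").map((r) => r.trim()).filter(Boolean);
}

// Ground truth from the data: operation -> Set of roles, active ACLs only.
function rolesByOperation(records) {
  const byOp = new Map();
  for (const rec of records) {
    if (rec["Active"] !== "true") continue;
    if (!byOp.has(rec["Operation"])) byOp.set(rec["Operation"], new Set());
    splitRoles(rec["Requires Role"]).forEach((r) => byOp.get(rec["Operation"]).add(r));
  }
  return byOp;
}

// Roles the summary claims, taken from its "Roles: `...`" lines.
function rolesInSummary(text) {
  const claimed = new Set();
  for (const m of text.matchAll(/Roles:\s*`([^`]*)`/g)) {
    splitRoles(m[1]).forEach((r) => claimed.add(r));
  }
  return claimed;
}

// Compare the summary with the data (exact, case-sensitive role names).
function checkSummary(records, text) {
  const byOp = rolesByOperation(records);
  const known = new Set([...byOp.values()].flatMap((s) => [...s]));
  const claimed = rolesInSummary(text);
  return {
    operations: [...byOp.keys()].sort(),
    unsupported: [...claimed].filter((r) => !known.has(r)).sort(), // in summary, not in data
    omitted: [...known].filter((r) => !claimed.has(r)).sort(),     // in data, not in summary
  };
}

console.log(checkSummary(aclRecords, llmSummary));
```

A non-empty `unsupported` list means the summary names roles that appear nowhere in the supplied records; with the full ACL array the result depends on what the remaining records contain.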
