Access to reporting data via Report View ACL only, without Read ACL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-30-2023 12:00 PM
I'm curious if it should be possible to grant Report access to a table (my use case involved a custom table) with just a Report View ACL and NOT a traditional Read ACL. This was a traditional List type report, not an aggregate- but for user interface- we'd rather limit access to the reporting module and the various ways we can present those reports (dashboards, widgets on the service portal etc.).
I wasn't able to figure out getting an RVA to work until I added the read ACL to my custom table, but maybe I just ran out of patience. I'm aware this might have different implications for non-list view reports- so i'm open to that info as well, but definitely curious about list view reports specifically.
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2023 02:32 AM
Hi,
On the same problem, just read carefully the doc --> Report_view access control (servicenow.com)
Second paragraph:
There are two kinds of report_view access control lists (ACLs): report_view table ACLs and report_view field ACLs. Report_view table ACLs prevent users from viewing report content based on the table specified in the ACL. Report_view field ACLs prevent users from viewing reports that use the field specified in the ACL in the group by, row, column or aggregation.
and, last paragraph:
Restrict access to list reports with a read operation
A list report uses regular record access controls to determine who can access data in a table or field. A report_view access control cannot prevent users from viewing lists to which they have read access. To restrict access to record data in lists and forms, create a read operation access control. For more information about record access controls, see Access control list rules.
So, RVA is not what you are thinking, that is, an additional layer of security to prevent users to Share content via reports to people that does not have direct access to the data... Meaning, with RVAs in place,
If Peter has access to the Salary tables,
Peter can create a report with the list of the salaries,
and Peter can share and send this report to the rest of the company,
BUT, Peter can not share a report with the salaries grouped
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-04-2023 06:26 AM
Here is a Platform Analytics Academy session that we talked through ACL Assessments for Reports. This may help you with your understanding as well.
