Clarification on ACL and Security Data Filter Execution Order
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
Hi all,
I'm trying to understand the exact execution order between ACL processing and Security Data Filters.
From the ACL documentation:
- A Pre-query ACL check occurs before a database query is executed.
- The pre-query check only evaluates user roles and does not evaluate conditions or scripts.
Explore Access Control Lists • Australia Platform security • Docs | ServiceNow
From the Security Data Filter documentation:
- Security Data Filters are applied before a query is executed.
- Security Data Filters are applied after absolute ACLs (table-level ACLs) and after row ACLs.
Conditional ACLs filter data after a query is executed.
Security data filters • Australia Platform security • Docs | ServiceNow
This raises a question for me.
Are the following concepts referring to different stages of processing?
- Pre-query ACL check
- Absolute (table-level) ACLs
- Row ACLs
- Conditional ACLs
Security Data Filter
For both admin and non-admin users, what is the exact end-to-end execution order of Pre-query ACL checks, table-level (absolute) ACLs, row ACLs, conditional ACLs, Security Data Filters, and the database query itself?
Thanks in advance for any clarification or examples you can provide.