question Issue with ACL on dot-walked field in Developer forum

Issue with ACL on dot-walked field

mmongeau — Fri, 21 Aug 2015 19:19:57 GMT

In Project Management there is a parent/child relationship between a Project (pm_project) and Project Task (pm_project_task). On a Project Task list view I have added 'Parent.Short Description', which is the project name for the top-level tasks directly below a project.

As an Administrator I can view the contents of that field in list view.

A user with the project_user role, who is able view all projects and tasks, does not see any data in that column.

I enabled Debug Security and what it is showing is it is failing the script evaluation on a high-level read ACL that applies to all records

The script says you must either be an admin or the default security mode is allow (the default mode is deny).

Script: gs.hasRole('admin') || gs.getProperty('glide.sm.default_mode') == 'allow'

Users with the project_user role have full read access to all fields in the pm_project table, as seen here when the same non-admin user views all projects.

So why is this read ACL on pm_project.* being bypassed when dot-walking from pm_project_task up to pm_project?

Thanks,

Michael Mongeau

Stratus Technologies

ServiceNow CA/CAD

Re: Issue with ACL on dot-walked field

srinivasthelu — Fri, 21 Aug 2015 19:22:59 GMT

Table Level ACL Place role here.

You may find this thread:Column shown blank in list view in spite of having values useful.

Re: Issue with ACL on dot-walked field

mmongeau — Fri, 21 Aug 2015 19:35:10 GMT

There is already a record-level read ACL on the pm_project table (field = 'None') and it does not seem to make a difference.

Michael

Re: Issue with ACL on dot-walked field

manikorada — Fri, 21 Aug 2015 20:13:44 GMT

Michael,

Instead of using Parent.Short Description can you add Project.Short Description

Re: Issue with ACL on dot-walked field

mmongeau — Fri, 21 Aug 2015 20:22:55 GMT

I added Project.Short Description and it has the same issue. Access is denied via the record/*/read ACL.

Michael

Re: Issue with ACL on dot-walked field

manikorada — Fri, 21 Aug 2015 20:25:26 GMT

Michael,

Do you have any ACL defined for pm_project_task.None read operation?

Re: Issue with ACL on dot-walked field

mmongeau — Fri, 21 Aug 2015 20:30:31 GMT

I have not customized any of the ACLs in the Project Management area - these are the ones included out-of-the-box.

Michael

Re: Issue with ACL on dot-walked field

mmongeau — Fri, 21 Aug 2015 20:39:17 GMT

I just noticed that you asked about pm_project_task. The pm_project_task.None read rule is identical to the one above for pm_project.None. Access is granted to users with the role 'itil' or 'project_user'.

Michael

Re: Issue with ACL on dot-walked field

mmongeau — Tue, 25 Aug 2015 20:36:26 GMT

ServiceNow Support has confirmed that this is a defect documented on PRB582996.

Michael