question Writable field on Incident is ReadOnly for all users except Admins in ITSM forum

Writable field on Incident is ReadOnly for all users except Admins

Tom L Logan — Thu, 27 Dec 2018 19:30:57 GMT

Hello,

I have created a UI Policy to make fields Read Only when incident is closed with the exception of one field. For some reason the field I excluded from the UI policy is only writable if you are logged in as Admin. I have not configured any ACLs for this so not quite sure why this is happening.

I read a post where someone mentioned an out of box ACL for incident.*. Can someone shed a little more light on this OOB ACL and how it can cause my issue? I will like this issue resolved since the goal is to allow every one write to the field not just Admin. Thanks for your assistance.

Re: Writable field on Incident is ReadOnly for all users except Admins

Coleton — Thu, 27 Dec 2018 19:35:00 GMT

If there's an ACL that's protecting a field and you want to prevent even Admins from having the ability to modify it, find the ACL protecting the field modifications and remove 'Admin Override'. It's a checkbox that you can modify when elevating your security privileges (Security Admin role).

As for the incident.* ACL, that means it's protecting the ability to modify all fields on the incident records. Have you worked with ACL's before?

Re: Writable field on Incident is ReadOnly for all users except Admins

Jim Coyne — Thu, 27 Dec 2018 19:47:05 GMT

You shouldn't need the UI Policy at all, as this OOB Access Control record only gives users with the "itil" role access to write to the record if the "Incident state" field is NOT "Closed" or "Cancelled":

https://instancename.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=66ec26370a0a0b0100a67b597d415b84

Change "instancename" to your instance name, of course.

Now, this depends on your version and if any changes were made. And when you say "everyone", do you really mean "everyone", or just users with the "itil" role? And maybe the user who originally created the Incident and the Caller (like the OOB rules allow)?

Re: Writable field on Incident is ReadOnly for all users except Admins

Tom L Logan — Thu, 27 Dec 2018 20:02:52 GMT

I will like one field to be writable when the incident is closed this is the reason I deployed UI Policy. But I am noticing that the field is writable only for Admins. My goal is to make it writable for Admins and ITIL users.

Re: Writable field on Incident is ReadOnly for all users except Admins

Tom L Logan — Thu, 27 Dec 2018 20:07:36 GMT

Hello Jim,

I used UI Policy because I want one field to be writable after the incident is closed. I like this to be true for itil and Admin roles.

Re: Writable field on Incident is ReadOnly for all users except Admins

Coleton — Thu, 27 Dec 2018 22:54:28 GMT

Then in that ACL, have a condition that checks if the current record is closed. If it is, then allow for the user to write to that field. In addition to that, you'll want to get rid of the 'admin' role requirement and in the script, check if the user has role admin or user has ITIL. I would disable the OOTB ACL and duplicate it to make your modifications. You don't want to modify OOTB records, if you can avoid it.

Let me know if this answers your question by marking it correct. Thanks.

Re: Writable field on Incident is ReadOnly for all users except Admins

siva_ — Fri, 28 Dec 2018 01:59:05 GMT

When you are not sure of what exactly happening and trying to resolve it in terms of mandatory and read only behaviour, then try using field watcher capability in servicenow that helps you to debug the issue and work on it

Field Watcher - Servicenow

Thanks,

Siva

Mark this as helpful if that really helps

Re: Writable field on Incident is ReadOnly for all users except Admins

Inactive_Us1957 — Fri, 28 Dec 2018 03:00:51 GMT

Hi,

The field that you want editable for admin and ITIL is OOTB field or customized field. If OOTB then please tell me the name of the field.

Thanks

Re: Writable field on Incident is ReadOnly for all users except Admins

Tom L Logan — Fri, 28 Dec 2018 14:31:50 GMT

Hello Kanchan, it is a customized field called "RCA_Status" inside a section called "RCA Information".

Re: Writable field on Incident is ReadOnly for all users except Admins

Inactive_Us1957 — Fri, 28 Dec 2018 16:27:39 GMT

Hi,

Create a write field level ACL on "RCA_Status" field and added role to whom you want to allow to edit.

Thanks

Kanchan

Re: Writable field on Incident is ReadOnly for all users except Admins

Coleton — Fri, 28 Dec 2018 17:08:26 GMT

Then in that ACL, have a condition that checks if the current record is closed. If it is, then allow for the user to write to that field. In addition to that, you'll want to add the ITIL role requirement. I would disable the OOTB ACL and duplicate it to make your modifications. You don't want to modify OOTB records, if you can avoid it.

Let me know if this answers your question by marking it correct. Thanks.

Re: Writable field on Incident is ReadOnly for all users except Admins

Tom L Logan — Fri, 28 Dec 2018 22:18:49 GMT

I did as you suggested but it did not make a difference. The RCA Status field can only be modified by Admins even though I created a write ACL with a condition of "incident state is closed" and granted access to ITIL users.

Do you know exactly what the OOB ACL that makes the fields Read Only is called? I like to disable it to see what happens.

Re: Writable field on Incident is ReadOnly for all users except Admins

Coleton — Fri, 28 Dec 2018 22:54:26 GMT

Try enabling the 'Debug Security Rules' and go to the record which has the RCA Status field. Then do ctrl+f and search for 'rca_status/write' and you can detect which ACL is causing the issue.

Re: Writable field on Incident is ReadOnly for all users except Admins

Inactive_Us1957 — Sat, 29 Dec 2018 18:13:01 GMT

Hi,

Deactivate the table level write ACL which having the conditions "Incident state is not closed/canceled" and also deactivate the newly created write ACL on "RCA_Status" field. Hope so it will work.

Thanks,

Kanchan

Re: Writable field on Incident is ReadOnly for all users except Admins

Tom L Logan — Mon, 14 Jan 2019 17:21:16 GMT

To fix this, I had to create an incident table write ACL that allowed ITIL write permission to incident table and then used the RCA_Status ACL to allow ITIL users write access to that specific field. Same as needing a key to get in the building before getting in your office. Thanks for your assistance.