ACL

hadron_collider · ‎01-10-2024

Hello,

How can I investigate what rule is applied that sets 'status' and 'requested' to non readonly as an admin:

when I impersonate a non admin those 2 fields are readonly:

I have checked the UI policies there are none that set these fields to editable or read-only

Ehab Pilloor · ‎01-10-2024

Hi,

You can go to configure dictionary of each field and check the access controls. You can edit those access controls if you have the role of security_admin. You can use elevate role in your user menu to access that role.

If you found this reply helpful, please mark it as solution.

Thanks and regards,

Ehab Pilloor

Musab Rasheed · ‎01-10-2024

You can enable ACL debugger to see if ACL is impacting , my assumption is it could be either client script or write ACL, check for field level write ACL and see if 'admin overrides' checkbox is checked. if 'admin overrrides' checkbox is check in ACL form then ACL won't be applied to admin.

For debugging read below.

https://docs.servicenow.com/bundle/vancouver-platform-security/page/administer/contextual-security/c...

Please hit like and mark my response as correct if that helps
Regards,
Musab

Anurag Tripathi · ‎01-10-2024

ACL Debugger is one way as Musab Suggested.

Also you can look at the ACLs with filter for Operation = write and TableName.FieldName -> I personally like this approach.

-Anurag

Ankur Bawiskar · ‎01-10-2024

@hadron_collider

Things to check

1) client script

2) ui policy

3) data policy which runs as UI policy

4) field level WRITE ACL

5) dictionary readonly

Use field watcher feature to check for those 2 fields

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader