Grant write rights to a single field with Field level ACLs

GabrielCSSMI
Tera Contributor

 

I need to grant write access to a certain field within the cmdb_software_product_model table to a custom role I created. This access must be restricted conditionally to some records of the table meeting criteria based on the "Manufacturer" field.

 

It is my understanding that in order to do that, table and row access must be granted as well.

 

I've created 3 custom ACL rules on the cmdb_software_product_model table as such:
- Write - cmdb_software_product_model.none
- Write - cmdb_software_product_model.*
- Write - cmdb_software_product_model.name

 

All of these rules require the custom role I created and are filtered on the "Manufacturer" field. Doing so grants write access to the whole table. Without the row level ACL, the whole table still has write access. Without the table level ACL, none of the fields have the write access.

 

The OOB write rule for this table is still there; since it's not filtered, I'm not using it. I tried adding my role to this rule; it still grants write access to the whole table even though I have my row level and field level ACLs configured.

 

What else can I do to grant write access to the name field only? Thank you.

1 ACCEPTED SOLUTION

@GabrielCSSMI 

You don't want that user to edit any field other than name?

If yes, then ensure you block the table.* write ACL for that user.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


4 REPLIES

Ankur Bawiskar
Tera Patron

@GabrielCSSMI 

If the user gets table.name WRITE, then table.* won't be evaluated.

- Write - cmdb_software_product_model.none: this is required since it's table level

 

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi,

 

I've tried having only cmdb_software_product_model.none and the cmdb_software_product_model.name; the user is granted write access for the whole table.

 

Is there something I'm missing? Thank you.

@GabrielCSSMI 

You don't want that user to edit any field other than name?

If yes, then ensure you block the table.* write ACL for that user.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Thank you. I just assumed ACLs applied restrictions if a smaller scope was specified. This worked for me!
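
The three configurations discussed in this thread, run through a simplified model of write-ACL matching. This is an added example, not code from the thread or from ServiceNow. It assumes one table with no parent tables or ACL scripts, and that a field with no matching field-level rule falls back to the table-level result, as the poster observed. The role name, manufacturer values and the second field `version` are constructed placeholders.

```javascript
// Simplified model: one table, no parent tables, no ACL scripts, write operation only.
const T = "cmdb_software_product_model";

// A rule passes when the user holds one of its roles and its condition matches the record.
const passes = (rule, user, rec) =>
  rule.roles.some((r) => user.roles.includes(r)) && rule.cond(rec);

function canWriteField(rules, user, rec, field) {
  const named = (n) => rules.filter((r) => r.name === n);
  // Table level: a table.none rule has to pass before any field is considered.
  if (!named(`${T}.none`).some((r) => passes(r, user, rec))) return false;
  // Field level: the most specific name that has rules decides, with no fall-through.
  for (const n of [`${T}.${field}`, `${T}.*`]) {
    const matched = named(n);
    if (matched.length) return matched.some((r) => passes(r, user, rec));
  }
  // Assumption: with no field-level rule at all, the table-level pass stands.
  return true;
}

const writable = (rules, user, rec, fields) =>
  fields.filter((f) => canWriteField(rules, user, rec, f));

// Constructed sample data: role name, manufacturer values and "version" are placeholders.
const ROLE = "x_name_editor";
const byVendor = (rec) => rec.manufacturer === "ExampleCorp";
const rule = (suffix, roles, cond = byVendor) => ({ name: `${T}.${suffix}`, roles, cond });
const user = { roles: [ROLE] };
const inScope = { manufacturer: "ExampleCorp" };
const outOfScope = { manufacturer: "OtherCorp" };
const FIELDS = ["name", "version"];

// As posted: table, wildcard and field rules all grant the custom role.
const asPosted = [rule("none", [ROLE]), rule("*", [ROLE]), rule("name", [ROLE])];
// Second attempt: wildcard rule removed, so nothing covers the other fields.
const noWildcard = [rule("none", [ROLE]), rule("name", [ROLE])];
// Accepted answer: a wildcard rule exists but does not pass for this user.
const blocked = [rule("none", [ROLE]), rule("*", ["admin"], () => true), rule("name", [ROLE])];

console.log("as posted:  ", writable(asPosted, user, inScope, FIELDS));
console.log("no wildcard:", writable(noWildcard, user, inScope, FIELDS));
console.log("blocked .*: ", writable(blocked, user, inScope, FIELDS));
console.log("other vendor:", writable(blocked, user, outOfScope, FIELDS));
```

Only the third configuration confines the role to `name`, and only on records that meet the Manufacturer condition.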