How to give write access to a single field?

JLeong
Mega Sage

Hi there, I am working on giving a group of users edit access to the Invoice Number field in the asset table. Here is what I have done so far.

- I created a role called - asset_inv_nbr_update
- I added the group of users to the role
- I created a Write ACL in the Invoice Number field
- I added the asset_inv_nbr_update role to the ACL

The above doesn't work. So I added the role to the Write ACL within the Asset Table but it opens up a lot of fields. I am not sure about the next step. Do I need to add ACLs for each field?

Thanks!

1 ACCEPTED SOLUTION

Allen Andreas
Administrator

Hi,

The way ACLs work is that you can think of a table...like a house. So the house is the Asset Table. The rooms inside represent the fields on the table. So you have given them access to a room inside the house, but they need to be able to go in the house first.

So you'd want to give write access to the table and to the field.

BUT, you'd also need to modify that write access to NOT be everything (as you've seen).

So to assist with this, you'd want to edit the OOB write ACL, but this time for * (meaning all other fields)...and set that role on that ACL to the normal role that is required for that table or should be required for this table (asset role). This basically says hey members of this special group...you can write to this table....BUT...modified...to only the field or fields I say (via new write acl for table.field).

When you do an ACL for table.* it basically means: for all other fields this ACL applies UNLESS I create an ACL for a specific field, then use that.

So here's the steps you did:

- I created a role called - asset_inv_nbr_update
- I added the group of users to the role
- I created a Write ACL in the Invoice Number field
- I added the asset_inv_nbr_update role to the ACL

Now here's a few more:

- Create a write ACL for the entire table specifying this role you made (as you did, so keep it or re-add it back)
- Edit the write ACL for the table.* to only include the role of users who SHOULD be able to write to this table to all other fields (asset role).

Since there's already a table.* ACL, that is why I'm saying edit it...because that ACL, currently, lets anyone write to all the fields on the table with no role as long as you have table write privilege (which they would through the new table acl you're making for them).

So this allows them to come in to the house, but only to 1 room. All other rooms are locked.

Please mark reply as Helpful/Correct, if applicable. Thanks!
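The house-and-rooms rule from the answer above, as an added example that is not part of the original post and is not ServiceNow code. It is a simplified model: the table name `alm_asset`, the field names and the role name `asset` are assumptions, and conditions, scripts, table inheritance and admin override are ignored.

```javascript
// Simplified model of the write-ACL checks described in the answer above.
// Assumed names (not from the thread): table "alm_asset", its fields, role "asset".
const TABLE = 'alm_asset';
const FIELDS = ['invoice_number', 'cost', 'serial_number'];

// An ACL with an empty role list passes for any user.
function passes(acl, userRoles) {
  return acl.roles.length === 0 || acl.roles.some(r => userRoles.includes(r));
}

// Passing any one ACL of the given name is enough.
function passesAny(acls, name, userRoles) {
  return acls.filter(a => a.name === name).some(a => passes(a, userRoles));
}

function canWrite(acls, userRoles, field) {
  // The house: a table-level write ACL must pass first.
  if (!passesAny(acls, TABLE, userRoles)) return false;
  // The room: a table.field ACL, when one exists, is used instead of table.*
  const specific = `${TABLE}.${field}`;
  const name = acls.some(a => a.name === specific) ? specific : `${TABLE}.*`;
  return passesAny(acls, name, userRoles);
}

function writableFields(acls, userRoles) {
  return FIELDS.filter(f => canWrite(acls, userRoles, f));
}

// Table-level ACLs for both roles, plus the field ACL from the question.
const tableAndField = [
  { name: TABLE, roles: ['asset'] },
  { name: TABLE, roles: ['asset_inv_nbr_update'] },
  { name: `${TABLE}.invoice_number`, roles: ['asset_inv_nbr_update'] },
];
// What the poster saw: table.* has no role, so table access opens every field.
const before = [...tableAndField, { name: `${TABLE}.*`, roles: [] }];
// After the fix: table.* requires the asset role.
const after = [...tableAndField, { name: `${TABLE}.*`, roles: ['asset'] }];

console.log(writableFields(before, ['asset_inv_nbr_update']));
console.log(writableFields(after, ['asset_inv_nbr_update']));
console.log(writableFields(after, ['asset']));
```

In this model a user holding only the `asset` role cannot write `invoice_number` after the change, because the field ACL lists only `asset_inv_nbr_update`; add the other role to the field ACL if those users should keep that access.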

 



Andy Smith2
Tera Contributor

Thanks Allen.

Appreciate your advice and quick response.

I will create a new question in future - I'm pretty new to ServiceNow and need to learn the protocol for working with the Community. 

Many thanks

Andy

Hi,

It's no problem at all. Did my reply above answer your question though?

Just wanted to make sure you're good to go 🙂



Andy Smith2
Tera Contributor

Hi Allen

Just to let you know that I've got this working, with 3 ACLs as per your advice, giving me control at the record and field levels exactly as I want it to.

I'm very grateful for your advice and assistance - much appreciated.

In case anyone else has the same challenge, I also found this documentation to be helpful:

https://developer.servicenow.com/dev.do#!/learn/learning-plans/paris/servicenow_application_develope...

Cheers

Andy

 

 

Hi Andy,

Awesome, great work!

Thanks for the feedback as well.

-Allen



Hi Andy,

That documentation was so crystal clear. Really great. I had taken the admin class a couple of years ago, but always had confusion about ACLs. But now I am pretty clear.

Thanks for posting this link.

On another note, how would I restrict visibility at row level? (i.e. if I have to restrict certain kinds of records)