Restrict the user to view other tables except alm_license.

RifqaF
Kilo Explorer

Restrict the user to view other tables except alm_license. In this scenario we can create a custom role.

1 REPLY

Yogesh11bhatt
Tera Expert

Hi RifqaF,

For this scenario you have to create a custom role. We also have a few OOB roles like sam_viewer, asset, or itil which come with a web of inherited roles and baseline ACLs.
Modifying baseline ACLs to strip away access for OOB roles is a bad idea, as it will disrupt standard platform functionality and complicate your future upgrade paths.
So, create a new custom role (e.g., alm_license_viewer) to maintain a clean governance structure and create a Read ACL, or follow these steps:

1. Create the Custom Role

  • Navigate to User Administration > Roles and create your new role.

2. Create Read ACLs

  • Create a Table-level Read ACL: Select the alm_license table, leave the field dropdown as --None--, and add your new custom role to the "Requires role" related list.

  • Create a Field-level Read ACL: Create a second Read ACL for the alm_license table, select * from the field dropdown, and assign the same custom role.

3. Restrict the User's Other Access

  • Assign the new alm_license_viewer role to the user (or ideally, their group).

  • Note: Ensure the user does not possess broader roles like itil, asset, or sam_viewer.

Because ServiceNow operates on a default-deny architecture, removing those broader baseline roles and leaving them with only your new custom role ensures they are strictly isolated to viewing the alm_license table.


Please mark this response as helpful if it resolved your query!
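An added example, not part of the reply above and not ServiceNow code: a stand-alone check for the note in step 3 that flags users whose effective roles (direct, via group, or via role containment) go beyond alm_license_viewer. The rows, field names, and the roles license_team_lead and hypothetical_child_role are constructed assumptions modelled on role and group assignment exports.

```javascript
// Role the user is meant to keep (name taken from the reply's example).
const ALLOWED = new Set(["alm_license_viewer"]);

// Constructed sample rows; the containment shown is NOT the real baseline mapping.
const data = {
  roleContains: [ // parent role -> role it contains
    { role: "license_team_lead", contains: "itil" },
    { role: "itil", contains: "hypothetical_child_role" },
  ],
  userHasRole: [
    { user: "alice", role: "alm_license_viewer" },
    { user: "bob", role: "alm_license_viewer" },
    { user: "bob", role: "license_team_lead" },
  ],
  groupMembers: [
    { group: "license_readers", user: "carol" },
    { group: "asset_ops", user: "carol" },
  ],
  groupHasRole: [
    { group: "license_readers", role: "alm_license_viewer" },
    { group: "asset_ops", role: "asset" },
  ],
};

// Follow containment transitively; the seen-set also stops on cycles.
function expandRoles(startRoles, roleContains) {
  const seen = new Set();
  const stack = [...startRoles];
  while (stack.length > 0) {
    const role = stack.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    for (const row of roleContains) if (row.role === role) stack.push(row.contains);
  }
  return seen;
}

// Return, per user, every effective role outside the allowed set.
function findExcessRoles(users, d) {
  const report = {};
  for (const user of users) {
    const direct = d.userHasRole.filter((r) => r.user === user).map((r) => r.role);
    const groups = d.groupMembers.filter((m) => m.user === user).map((m) => m.group);
    const viaGroup = d.groupHasRole.filter((g) => groups.includes(g.group)).map((g) => g.role);
    const effective = expandRoles([...direct, ...viaGroup], d.roleContains);
    report[user] = [...effective].filter((r) => !ALLOWED.has(r)).sort();
  }
  return report;
}
console.log(findExcessRoles(["alice", "bob", "carol"], data));
```

An empty list for a user means only the custom role is in effect; anything listed is a role to remove before relying on the isolation.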