ACL to allow anyone to create records

Wayne Richmond · ‎06-27-2017

Hi. I have created a custom table called 'u_stolen_items' that I want to allow anyone to be able to create records on. However, because I have the High Security Settings enabled, I believe this is preventing me from having a 'blank' ACL to allow this. I have created an ACL rule for 'create' where there are no conditions, however, this doesn't work (I assume because of the aforementioned High Security Settings). I have tried using 'true;' in the Script but that also didn't work. I tried adding the 'public' rule but this also doesn't work. Does anyone have any ideas?

Dave Smith1 · ‎06-27-2017

When you say "anyone"... do you mean any authenticated user, or anonymous access also?

Wayne Richmond · ‎06-28-2017

Authenticated users, yes.

Dave Smith1 · ‎06-28-2017

I just tried this... it's possible to create ACLs without any role against them.

To test, I created the following ACLs:

a table.none:read without any role - this permitted an ESS user to view my new table
a table.none:create with no role - this permitted an ESS user to create a new record (the NEW button showed up)
a table.none:write with no role - this meant the fields in the new record form were no longer grayed out.

(note: roles were removed from the Application and Module to permit ESS visibility)

I believe "public" is reserved for anonymous (unauthenticated) access: https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/administer/wizards/task/t_MakeA...

Hope that helps.

r_k · ‎06-27-2017

Hi Wayne,

Can you retry after creating following two ACLs

Create ACL (for read) with "public" role assigned to it.
Create ACL (for create) with "public" role assigned to it.

Thanks,

Rohit

Hit correct/helpful based on impact.