ACL to allow anyone to create records

Wayne Richmond · ‎06-27-2017

Hi. I have created a custom table called 'u_stolen_items' that I want to allow anyone to be able to create records on. However, because I have the High Security Settings enabled, I believe this is preventing me from having a 'blank' ACL to allow this. I have created an ACL rule for 'create' where there are no conditions, however, this doesn't work (I assume because of the aforementioned High Security Settings). I have tried using 'true;' in the Script but that also didn't work. I tried adding the 'public' rule but this also doesn't work. Does anyone have any ideas?

chirag_bagdai · ‎07-08-2017

Hello,

I believe, you are using Service Portal's "Form" page & "Form" widget, can you try to mark "Public" field to true and see if that helps.

F_bio Gon_alves · ‎07-12-2017

Hi Chirag Bagdai,

That's right, I'm using that "Form" widget and I have already mark "Form" page as "Public". In fact, the page is public and any unregistered user can access it.

Unfortunately, when an unregistered user attempts to create a new record on the table exhibited on that "Form" widget by clicking on "Submit" UI Action, nothing happens. The page freeze and the record is not created.

It seems that even by making the pages "Public" and defining Read/Write/Create ACLs on a given table, for some reason the ability to in fact create new records is still exclusive to registered users.

Thanks.

Fábio Gonçalves

chirag_bagdai · ‎07-08-2017

I think, below KB article can be helpful :

ServiceNow KB: Making a record producer and catalog item public on a CMS page (KB0551300)

Anurag Tripathi · ‎06-28-2017

Hi Wayne,

Just make sure there is just 1 CRAEATE ACL(deactivate others) for that table, and in there you can just write this in the script part(no roles, no condition)

answer=true

-Anurag

Wayne Richmond · ‎06-28-2017

Thanks for all the replies, I appreciate it. I managed to get this working so 'anyone' can create a u_stolen_items record if they go to the table and are then only able to see their records thereafter:

These are the ACL rules I created:

Create: Requires role: public (have yet to enable the aforementioned plugin for snc_internal)

Read: Script: gs.hasRole("u_shoplifting_reports_user") || current.sys_created_by == gs.getUserName() || current.isNewRecord();

Write: gs.hasRole("u_shoplifting_reports_user") || current.sys_created_by == gs.getUserName() || current.isNewRecord();

HOWEVER! Users don't create these records directly on the table but rather via another table called u_shoplifting_reports. In this table the security rules appear not to work because the users can't create a new row. How do I fix this?!: