ACL to allow anyone to create records

Wayne Richmond · ‎06-27-2017

Hi. I have created a custom table called 'u_stolen_items' that I want to allow anyone to be able to create records on. However, because I have the High Security Settings enabled, I believe this is preventing me from having a 'blank' ACL to allow this. I have created an ACL rule for 'create' where there are no conditions, however, this doesn't work (I assume because of the aforementioned High Security Settings). I have tried using 'true;' in the Script but that also didn't work. I tried adding the 'public' rule but this also doesn't work. Does anyone have any ideas?

Wayne Richmond · ‎07-10-2017

Hi David. Unauthenticated users cannot view the form as our instance requires authentication. I may be confusing matters by using the term 'public'. The users who'll be completing the form do have a SN profile and can log in.

I've noticed if I disable the specific read/write rules on the u_stolen_items table I am able to create records on the u_shoplifting_report form. However, when I put the rules back in (the rules that work fine if you're on the u_stolen_items table itself), you can no longer create rows on the table embedded in the form.

Luis Franco · ‎05-03-2018

Hi, Wayne.

I have a question which is not technical. I have this requirement on some processes, for example, creation of IT Ideas and Demands, but I opted to create Record Producers in the Service Catalog.

In this way I didn't have to allow the users to create any record and also could open the creation of records to users with no role. With this process I believe it's better than giving create access to the form with a blank 'ACL'.

I'm wondering if you have considered the Record Producers for your process and why do you think it's a better alternative. On the record producer you could had the code to create any dependencies with other tables.

On the technical side may I suggest that on top of the ACLs you should create a Query Business Rule on the table limiting the records that are sent to the user when reading and stop seeing that anoying sentence on rows excluded because of security constrains. Care to check nº. 4 on the servicenow guru page:

https://www.servicenowguru.com/showcase/servicenow-security-tips/

It is a very helpfull article on security.

Best Regards,

Luis Franco

Wayne Richmond · ‎05-08-2018

Thanks Luis. A record producer would not have allowed me to use the embedded table as shown above.