acl vs business rule

Go to solution
rahulnagarajan
Kilo Contributor

‎07-25-2017 12:13 AM

For security reasons, what is best to be used ? Shall i use acl to restrict the access or buisness rul?

pros and cons... or when to use what... sorry i am new, forgive me if i have not used right terms here...

0 Helpfuls
  • 8,082 Views
1 ACCEPTED SOLUTION

Go to solution
antin_s
ServiceNow Employee
ServiceNow Employee
In response to rahulnagarajan

‎08-07-2017 12:34 AM

Hi Rahul,



Please check if the below helps.



1. Performance: Before query is better because the conditions/filters run the initial Database query level.


2. User Experience: Before Query is better because you don't get the security message in the bottom of the List View saying 'some records removed due to security" which might confuse the user.



Though ACL has its own advantages (for example - field level restriction..etc), Business Rule seems to be a better choice for your question.



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin


View solution in original post

13 REPLIES 13

Go to solution
rahulnagarajan
Kilo Contributor
In response to Anurag Tripathi

‎08-07-2017 12:23 AM

i am not getting it completely all these. but i did with ACL no issues till now.   thanks for your help..


0 Helpfuls

Go to solution
antin_s
ServiceNow Employee
ServiceNow Employee
In response to rahulnagarajan

‎08-07-2017 12:34 AM

Hi Rahul,



Please check if the below helps.



1. Performance: Before query is better because the conditions/filters run the initial Database query level.


2. User Experience: Before Query is better because you don't get the security message in the bottom of the List View saying 'some records removed due to security" which might confuse the user.



Though ACL has its own advantages (for example - field level restriction..etc), Business Rule seems to be a better choice for your question.



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin


Go to solution
Tim Woodruff
Mega Guru
In response to antin_s

‎09-18-2018 01:22 PM - edited ‎05-02-2023 06:12 PM

I have to disagree with this suggestion.

Before Query is better because you don't get the security message in the bottom of the List View saying 'some records removed due to security" which might confuse the user.

The message at the bottom, indicating that some records were removed due to security is good. It makes troubleshooting really easy. I've never had a single user complain about this or be confused by it, and it's really simple to explain if they do. The lack of such a message, when records are removed by "security" (query business rules) is what anyone trying to troubleshoot missing records would find confusing. 

Business Rule seems to be a better choice for your question

This is not a good solution, please do not go replacing your ACLs with query business rules. 

There are a lot of reasons not to do this (not least of which is that query business rules are simply not meant to act as a security measure, can be overridden, and don't provide the level of security-oriented features as ACLs do), but most importantly is that Query business rules can cause major issues in your query results!

I wrote an article about on SN Pro Tips, which you can see here

Go to solution
The SN Nerd
Giga Sage
Giga Sage

‎08-07-2017 12:38 AM

Use ACL's for security.


Use 'Before Query' Business Rule to control visibility.


It can be a good idea to have Before Query business rules that mimic your table read rules, to prevent the "96 records removed due to security constraints" from showing.



Do you need examples?



ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022