acl vs business rule

Go to solution
rahulnagarajan
Kilo Contributor

‎07-25-2017 12:13 AM

For security reasons, what is best to be used ? Shall i use acl to restrict the access or buisness rul?

pros and cons... or when to use what... sorry i am new, forgive me if i have not used right terms here...

0 Helpfuls
  • 8,191 Views
1 ACCEPTED SOLUTION

Go to solution
antin_s
ServiceNow Employee
ServiceNow Employee
In response to rahulnagarajan

‎08-07-2017 12:34 AM

Hi Rahul,



Please check if the below helps.



1. Performance: Before query is better because the conditions/filters run the initial Database query level.


2. User Experience: Before Query is better because you don't get the security message in the bottom of the List View saying 'some records removed due to security" which might confuse the user.



Though ACL has its own advantages (for example - field level restriction..etc), Business Rule seems to be a better choice for your question.



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin


View solution in original post

13 REPLIES 13

Go to solution
swati38
Tera Expert

‎07-25-2017 03:24 AM

Acl and BR are both server side, so they restrict the fields before the form is loaded.


Br can aslso restrict similar to ACL. ACL are little complex to work with downward approach like table access,field access and both.


0 Helpfuls

Go to solution
Anurag Tripathi
Mega Patron
Mega Patron

‎07-25-2017 03:27 AM

You can actually use both, one major difference is while using ACL it gives a message '20 rows are hidden for security reason'...something like that. But with Business rules you wont get that. My personal preference is ACL as the purpose of acl is that only while BR is for different things, so you platform is more maintainable for the next person to follow.


-Anurag
0 Helpfuls

Go to solution
rahulnagarajan
Kilo Contributor
In response to Anurag Tripathi

‎07-25-2017 11:07 PM

thanks!!!!



any idea which performs well on performance stand point?


0 Helpfuls

Go to solution
Anurag Tripathi
Mega Patron
Mega Patron
In response to rahulnagarajan

‎07-26-2017 02:15 AM

Good point:



Before query is highly preferable if you can use one. It makes the database do the work by modify the query itself. With Contextual Security, your instance has to decide per record what a user can see after fetching them from the database.



With a before query rule, unavailable records are simply not there as far as the user is concerned. With Contextual Security they might get a list of 4 visible records, and the list might say 1 to 100 of 546 with a message at the bottom saying "96 records removed due to security constraints".



Copied from CapaJC


-Anurag