acl vs business rule

rahulnagarajan · ‎07-25-2017

For security reasons, what is best to be used ? Shall i use acl to restrict the access or buisness rul?

pros and cons... or when to use what... sorry i am new, forgive me if i have not used right terms here...

antin_s · ‎08-07-2017

Hi Rahul,

Please check if the below helps.

1. Performance: Before query is better because the conditions/filters run the initial Database query level.

2. User Experience: Before Query is better because you don't get the security message in the bottom of the List View saying 'some records removed due to security" which might confuse the user.

Though ACL has its own advantages (for example - field level restriction..etc), Business Rule seems to be a better choice for your question.

Hope this helps. Mark the answer as correct/helpful based on impact.

Thanks

Antin

View solution in original post

rahulnagarajan · ‎08-07-2017

thanks to all..! can business rule apply restriction field level?

Pradeep Sharma · ‎08-07-2017

No restriction on the field level. A business rule will restrict to rows with in a table.

antin_s · ‎08-07-2017

Hi Rahul,

As I mentioned, you need to use ACL for that. I am little confused about what is your use case here. Can you please elaborate it before deciding ACL or Business Rule?

Thanks

Antin

The SN Nerd · ‎08-07-2017

For field restriction (specifically write access):

If the field never changes value in the UI, and you need to make it read only access, use an ACL
If the field may change value in the UI, but you need it to be read only, use UI policy

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022