Comments and Work Notes ACL not working. Work notes showing for end users

jlt · ‎09-23-2016

It was recently reported that our end users are seeing work notes made by ITIL roled users in the comments and work notes and/or Activities (filtered) fields on forms even though there is an ACL that limits read access to task.work_notes to users with the role ITIL. If I add the field "work note" to the Self Service View, it appropriately is hidden from the non roled users view so the ACL is hiding the work notes field, but any work notes made previously still show in these journaled lists.

I know this was not always the case and am unsure when this problem emerged for us.

Can anyone tell me how to hide the worknotes in the journals lists from non-roled users but still allow them to create/read additional comments?

Michael Fry1 · ‎09-23-2016

In your Self Service view, you shouldn't have the Work Notes field on the form, but do add the Additional Comments field. Those with a role will work in the itil view, not the Self Service view.

jlt · ‎09-23-2016

Yes, should have better explained! I only added to double check that the ACL indeed does hide the field from non ITIL users... and it does.

Michael Fry1 · ‎09-23-2016

You should have a Read ACL on the task.work_notes field, with role itil.

That would prevent anyone without that role to read work notes.

Does you test user have the snc_external role?

jlt · ‎09-23-2016

Yes I have the read ALC on task.work_notes for ITIL User only.

My test user has no roles.