05-10-2016 08:56 AM
Hello
I have a UI Macro that contains a script that is supposed to look for entries in a certain table and display them in table format in the Service Catalog. The users that would be using this macro have a particular role.
At the same time, the security on the target table is quite strict. To try to get around this, I had created read ACLs for table, and table.* for the same role.
However, no matter what I do in the macro, it doesn't seem to want to search for any records. Wondering if I should be using a different type of ACL; is there a Query ACL that I can use?
Thanks
05-10-2016 02:29 PM
As it turns out, Macros do work well with ACLs.
What DOESN'T work well is if you use a variable that was previously unknown to be a reserved keyword. As I found out, UI Macros interpret the "gr" variable as a global variable, unlike business rules that assume that gr is local to the rule itself.
Once I changed the gr to something more distinctive (i.e. grec), the script worked as expected.
*bangs head*
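
The name collision described in the post above can be reproduced in plain JavaScript. This is an added example, not code from the thread or from ServiceNow: `FakeRecord`, `otherScriptHelper` and the table names are constructed stand-ins, and the shared scope is modelled with indirect `eval`. The third variant, wrapping the script in a function, goes beyond the rename used in the thread.

```javascript
// Constructed stand-in for a record object; this is NOT the GlideRecord API.
function FakeRecord(table) {
  this.table = table;
}
globalThis.FakeRecord = FakeRecord;

// Indirect eval runs source as top-level script code in the global scope,
// modelling scripts that all share one scope (an assumption of this sketch).
const runTopLevel = (src) => (0, eval)(src);

// Hypothetical helper belonging to some other script in the same scope.
// It also uses the name `gr`, with no local declaration of its own.
runTopLevel(`
  function otherScriptHelper() {
    gr = new FakeRecord('some_other_table');
  }
`);

// 1. The macro script uses `gr` at top level: the helper overwrites it.
function macroWithGr() {
  return runTopLevel(`
    var gr = new FakeRecord('u_target_table');
    otherScriptHelper();
    gr.table;
  `);
}

// 2. The fix from the thread: a more distinctive name that nothing else uses.
function macroWithGrec() {
  return runTopLevel(`
    var grec = new FakeRecord('u_target_table');
    otherScriptHelper();
    grec.table;
  `);
}

// 3. Wrapping the script in a function makes `gr` local, so the helper's
//    assignment lands on the global `gr` and leaves this one untouched.
function macroWithLocalGr() {
  return runTopLevel(`
    (function () {
      var gr = new FakeRecord('u_target_table');
      otherScriptHelper();
      return gr.table;
    })();
  `);
}

console.log(macroWithGr(), macroWithGrec(), macroWithLocalGr());
```
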

05-10-2016 08:58 AM
Check if your script in the UI macro is using GlideRecord() or GlideRecordSecure(). The former uses system rights while the latter uses the rights of the logged in user.
GlideRecordSecure - ServiceNow Wiki
05-10-2016 09:00 AM
It is using GlideRecord to look for entries in that table; it should be using GlideRecordSecure?

05-10-2016 09:02 AM
Yes. GlideRecordSecure() will honor the rights, roles, permissions, ACLs you have set up for the user logged in. GlideRecord() works at an elevated "system" level.
05-10-2016 09:25 AM
Doesn't seem to work.
As a test, I tried to log in using a user with elevated permissions and the macro was able to see the data. The user that I am using has stripped down permissions and cannot see the data.
To be sure, I put a script in the Table.* ACL to see what would happen. The user with elevated permissions triggers the ACL while the user without doesn't even do so. If I apply the same script to a client script that looks at the same table, it is fine. Just not UI Macros.
What am I missing?