UI policy vs. ACL

Toshikazu Matsu
Tera Contributor

I will give ITIL role wirte authority by using the ACL in the impact field of the incident table.

ACL:

incident.None     write   ITIL

incident.impact write  ITIL

Also, I will give ADMIN role write authority by using the UI policy (writing Scripts) in the impact field of the incident table.

These are inconsistent, but which one is given priority and executed?

Please answer the question.

KInd Regards,

 

 

1 ACCEPTED SOLUTION

Gurpreet07
Mega Sage

ACLs evaluated server side and most secure way of restricting access to fields. UI Policy execute on form and on client side (Browser). 

1. If ACL is restricting the write access then UI Policy will have no control over that field. UI Policy cannot make that field editable.

2. If ACL is not restricting the write access then you could further use UI Policy to make field readonly/editable.

View solution in original post

2 REPLIES 2

Ashutosh Munot1
Kilo Patron
Kilo Patron

HI,


ACL will be applied as it has highest security priority and if ACL Admin Override is checked then also admin can edit this field.

 

Important link:

https://docs.servicenow.com/bundle/kingston-platform-administration/page/administer/contextual-security/concept/access-control-rules.html

 

Thanks,
Ashutosh Munot

Gurpreet07
Mega Sage

ACLs evaluated server side and most secure way of restricting access to fields. UI Policy execute on form and on client side (Browser). 

1. If ACL is restricting the write access then UI Policy will have no control over that field. UI Policy cannot make that field editable.

2. If ACL is not restricting the write access then you could further use UI Policy to make field readonly/editable.