UI policy vs. ACL

Toshikazu Matsu · ‎07-05-2018

I will give ITIL role wirte authority by using the ACL in the impact field of the incident table.

ACL：

incident.None write ITIL

incident.impact　write ITIL

Also, I will give ADMIN role write authority by using the UI policy (writing Scripts) in the impact field of the incident table.

These are inconsistent, but which one is given priority and executed?

Please answer the question.

KInd Regards,

Gurpreet07 · ‎07-05-2018

ACLs evaluated server side and most secure way of restricting access to fields. UI Policy execute on form and on client side (Browser).

1. If ACL is restricting the write access then UI Policy will have no control over that field. UI Policy cannot make that field editable.

2. If ACL is not restricting the write access then you could further use UI Policy to make field readonly/editable.

Ashutosh Munot1 · ‎07-05-2018

HI,

ACL will be applied as it has highest security priority and if ACL Admin Override is checked then also admin can edit this field.

Important link:

https://docs.servicenow.com/bundle/kingston-platform-administration/page/administer/contextual-security/concept/access-control-rules.html

Thanks,
Ashutosh Munot

Gurpreet07 · ‎07-05-2018

ACLs evaluated server side and most secure way of restricting access to fields. UI Policy execute on form and on client side (Browser).

1. If ACL is restricting the write access then UI Policy will have no control over that field. UI Policy cannot make that field editable.

2. If ACL is not restricting the write access then you could further use UI Policy to make field readonly/editable.