‎09-01-2022 09:40 AM
I'm trying to improve my understanding of table ACLs but feel I'm missing something.
I created the ACL rule shown below. I expect the person with the specified role to have access to the 65 records that match the condition. It seems, however, that the person has access to all the records in the table.
What am I missing or misunderstanding?

‎09-01-2022 09:45 AM
So it means that when a user has the role you entered in the role section, the first condition is true.
After that, the condition will be evaluated; if that's true and there is no script, it means the user will have access.
If you add a script, all three of them will be evaluated before giving access.
***Mark Correct or Helpful if it helps.***

‎09-01-2022 02:07 PM
In fact, keep this table-level ACL; this will give that role access to the table. You can remove the condition from this one.
Create another Read ACL, select the table and *, give it this role, and add this condition there.
***Mark Correct or Helpful if it helps.***
‎09-01-2022 10:07 AM
Hi,
An ACL will evaluate Role + Condition + Script.
If all evaluate as true, then access is given.
Are you sure there are no other table-level READ ACLs on that table? Because if any 1 table-level READ ACL allows, then your ACL won't be evaluated.
Regards
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
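
A simplified model of the evaluation described in the answer above, showing why a conditioned read ACL stops limiting rows once a second table-level read ACL also grants access. This is an added example, not part of the original thread and not ServiceNow platform code; the table, role, field and ACL names are hypothetical and the sample records are constructed.

```javascript
// Added illustration: a simplified model, not ServiceNow platform code.
// Table, role, field and ACL names below are hypothetical.

// One ACL passes only when role, condition and script ALL pass.
function aclPasses(acl, user, record) {
  const roleOk = acl.roles.length === 0 ||
    acl.roles.some((r) => user.roles.includes(r));
  const conditionOk = !acl.condition || acl.condition(record);
  const scriptOk = !acl.script || acl.script(user, record);
  return roleOk && conditionOk && scriptOk;
}

// Names of the table-level ACLs that grant this operation on this record.
// Use it to find out which ACL is actually letting a record through.
function grantingAcls(acls, user, record, operation = 'read') {
  return acls
    .filter((a) => a.table === record.table && a.operation === operation)
    .filter((a) => aclPasses(a, user, record))
    .map((a) => a.name);
}

// Access to a record is granted when ANY matching ACL passes.
function readableCount(acls, user, records) {
  return records.filter((r) => grantingAcls(acls, user, r).length > 0).length;
}

// Constructed sample data: 200 records, 65 of which match the condition.
const records = Array.from({ length: 200 }, (_, i) => ({
  table: 'u_demo', number: i, category: i < 65 ? 'hardware' : 'other',
}));

const restricted = {
  name: 'u_demo read (conditioned)', table: 'u_demo', operation: 'read',
  roles: ['u_demo_reader'], condition: (r) => r.category === 'hardware',
};
const broad = {
  name: 'u_demo read (no condition)', table: 'u_demo', operation: 'read',
  roles: ['u_demo_user'],
};
const user = { name: 'sample.user', roles: ['u_demo_reader', 'u_demo_user'] };

console.log(readableCount([restricted], user, records));            // 65
console.log(readableCount([restricted, broad], user, records));     // 200
console.log(grantingAcls([restricted, broad], user, records[100])); // the ACL to review
```
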
‎09-01-2022 10:13 AM
Hi Ankur,
Thank you for your answer. To answer your question, if I remove the role I created from the person then that person can only see/read records he or she created. That leads me to believe that another ACL isn't overriding the ACL I created. Is that a correct assessment?
Thank you.
Michael
‎09-02-2022 04:53 AM
This point is not correct -> if I remove the role I created from the person then that person can only see/read records he or she created
The table-level READ ACL should evaluate to true for the user to view the records.
There can be an extra query BR on that table to restrict the records, but that's a different point.
Regards
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader