What is the best way to restrict access to records conditionally?

Aditya Raute
Mega Guru

HYPOTHETICALLY, let's say I want to provide conditional access to users on a table. And there are various sets of conditions for various records.

Let's take an example of a User table:

If I'm a user's manager, I should see their record - and all their subordinates' records.

If I'm a location manager, I should see all users at that location and their subordinates who may be in different locations.

If I'm a Department head, I should see records of people in my department even if they may not be my direct or indirect subordinates.

What will be the best approach to implement this? I want to avoid Query BRs and stick with ACLs just for simplicity, but is it even possible?

For example, if an ACL meets one condition rule, they skip the other rules (I saw this in debugging ACLs). Does it mean I will see the records satisfying the criteria for one rule and not the others?

I don't wish to write a big ass script in the ACL either.

Want to know what you guys think about this.

1 ACCEPTED SOLUTION

Ankur Bawiskar
Tera Patron

@Aditya Raute 

You need to use multiple table-level READ ACLs, one for each of your conditions.

I would suggest using a query BR.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader


4 REPLIES

Hi Ankur,

@Ankur Bawiskar 

Thanks for your answer.

A follow-up question.
Is it true that if one of the ACLs returns True, let's say the location one, then the other ACLs won't be evaluated and I wouldn't get to see the records satisfying manager-condition ACLs?

@Aditya Raute 

That's correct. That's how ACLs work if there are multiple table level READ

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Thanks very much
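
The three conditions from the question, modelled in plain JavaScript as separate read rules. This is an added example, not code from the thread and not ServiceNow API code. It assumes rules are checked record by record and the first passing rule grants read access to that record; the user data, the `locationManagers` and `departmentHeads` lookups, and all function names are constructed for illustration.

```javascript
// Constructed sample data; field names are assumptions modelled on a user table.
const users = {
  ann: { manager: null,  location: "NYC", department: "IT" },
  bob: { manager: "ann", location: "NYC", department: "IT" },
  cat: { manager: "bob", location: "LON", department: "HR" },
  dan: { manager: "cat", location: "LON", department: "HR" },
  eve: { manager: null,  location: "PAR", department: "IT" },
  fay: { manager: "eve", location: "PAR", department: "HR" },
  gus: { manager: "eve", location: "PAR", department: "IT" },
  hal: { manager: "fay", location: "NYC", department: "HR" },
  ivy: { manager: "ann", location: "NYC", department: "HR" },
};
const locationManagers = { PAR: "bob" }; // hypothetical: location -> its manager
const departmentHeads = { IT: "bob" };   // hypothetical: department -> its head

// Every manager above a user, direct and indirect; the set guards against loops.
function managersAbove(id) {
  const chain = [];
  const seen = new Set([id]);
  let m = users[id]?.manager;
  while (m && !seen.has(m)) {
    chain.push(m);
    seen.add(m);
    m = users[m]?.manager;
  }
  return chain;
}

// One small rule per condition instead of a single large script.
const readRules = [
  { name: "manager chain", test: (v, id) => managersAbove(id).includes(v) },
  { name: "location manager", test: (v, id) => [id, ...managersAbove(id)]
      .some((u) => locationManagers[users[u]?.location] === v) },
  { name: "department head", test: (v, id) => departmentHeads[users[id].department] === v },
];

// Returns the name of the first rule that passes for this record, or null.
// Later rules are skipped for this record only; other records start over.
function canRead(viewer, id) {
  for (const rule of readRules) {
    if (rule.test(viewer, id)) return rule.name;
  }
  return null;
}

function visibleTo(viewer) {
  return Object.keys(users).filter((id) => canRead(viewer, id) !== null).sort();
}
```
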