Why duplicate write ACLs? (itil and sn_incident_write)

Tommy SN Sahlin · ‎02-25-2025

Hi,

I'm looking at the OOTB table-level write ACLs for Incident.

There is one ACL that allows write for users with the itil role, provided the incident is not 7 or 8 (closed or cancelled).
There is another ACL that allows write for users with the sn_incident_write role, provided the incident is not 7 or 8 (closed or cancelled).

My question is, why are both of them there? Since the itil role contains the sn_incident_write role, it fills no function, right?

Wouldn't it be exactly the same if there was only the ACL allowing write for sn_incident_write?

Hope someone can explain or confirm!

many thanks in advance /Tommy

Ankur Bawiskar · ‎02-25-2025

@Tommy SN Sahlin

yes ideally 1 should suffice

I have seen the created timestamp of both the ACLs in my PDI

the ACL with ITIL role is created in 2017 and the other one is 2019.

Seems the sn_incident_write role was created/introduced in 2019 and hence the new ACL was added for this role without touching the OOB one

This practice I have seen in many of my earlier implementations, we tend to avoid touching OOB ACL and simply create a new one for custom requirement.

I hope I was able to explain it.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · ‎02-26-2025

@Tommy SN Sahlin

Thank you for marking my response as helpful.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader