Why duplicate write ACLs? (itil and sn_incident_write)

02-25-2025 03:18 AM
Hi,
I'm looking at the OOTB table-level write ACLs for Incident.
- There is one ACL that allows write for users with the itil role, provided the incident is not 7 or 8 (closed or cancelled).
- There is another ACL that allows write for users with the sn_incident_write role, provided the incident is not 7 or 8 (closed or cancelled).
My question is, why are both of them there? Since the itil role contains the sn_incident_write role, it fills no function, right?
Wouldn't it be exactly the same if there was only the ACL allowing write for sn_incident_write?
Hope someone can explain or confirm!
Many thanks in advance /Tommy
02-25-2025 03:32 AM
Yes, ideally 1 should suffice.
I have seen the created timestamp of both the ACLs in my PDI.
The ACL with the ITIL role was created in 2017 and the other one in 2019.
It seems the sn_incident_write role was created/introduced in 2019 and hence the new ACL was added for this role without touching the OOB one.
I have seen this practice in many of my earlier implementations; we tend to avoid touching the OOB ACL and simply create a new one for a custom requirement.
I hope I was able to explain it.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
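The redundancy discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts and not ServiceNow code: a plain JavaScript model that flags an ACL as covered when another ACL on the same object, operation and condition requires a role that the first ACL's role already contains. The data, the ACL ids and the condition string are constructed placeholders; the model assumes every ACL lists at least one role and that the compared ACLs have no differing script.

```javascript
// Constructed sample data, not exported from an instance. The only fact taken
// from the thread is that itil contains sn_incident_write.
const roleContains = {
  itil: ["sn_incident_write"],
  sn_incident_write: [],
};

// Two ACLs modelled on the thread; ids and condition text are placeholders.
const acls = [
  { id: "acl_itil", name: "incident", operation: "write",
    roles: ["itil"], condition: "state is not 7 or 8" },
  { id: "acl_sn_incident_write", name: "incident", operation: "write",
    roles: ["sn_incident_write"], condition: "state is not 7 or 8" },
];

// Every role a holder of `role` effectively has (transitive containment).
function effectiveRoles(role, contains, seen = new Set()) {
  if (seen.has(role)) return seen;
  seen.add(role);
  for (const child of contains[role] || []) effectiveRoles(child, contains, seen);
  return seen;
}

// ACL `a` is covered by `b` when both guard the same object and operation with
// the same condition, and holding any role that satisfies `a` also implies
// holding a role that satisfies `b`.
function isCoveredBy(a, b, contains) {
  if (a.id === b.id) return false;
  if (a.name !== b.name || a.operation !== b.operation) return false;
  if (a.condition !== b.condition) return false;
  return a.roles.every((r) => {
    const eff = effectiveRoles(r, contains);
    return b.roles.some((br) => eff.has(br));
  });
}

// List every ACL that grants nothing beyond what another ACL already grants.
// Two ACLs with identical roles are reported in both directions.
function findCoveredAcls(aclList, contains) {
  const out = [];
  for (const a of aclList)
    for (const b of aclList)
      if (isCoveredBy(a, b, contains)) out.push({ redundant: a.id, coveredBy: b.id });
  return out;
}
```

On the sample data only the itil ACL is reported as covered. That result depends on the containment relationship: if itil stopped containing sn_incident_write, the itil ACL would no longer be redundant.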
02-26-2025 05:07 AM
Thank you for marking my response as helpful.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader