Allow only the Entra integration user to update the read-only Manager field
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10m ago
Admin users will override any of the ACL's that you put upon the global records - you may have to handle this through process with the admin users, as opposed to adding unnecessary complexity through scripting.
To investigate why other users can do this and which ACLs are allowing this then @Sagar Pagar has done an excellent article on how to debug ACLs: How to Debug the ACLs Like a Pro developer in Serv... - ServiceNow Community
This should help you work out what you need to change. You could consider creating a role for the Entra integration account and adding that onto the Manager field and create an ACL for must have this role. But you'll need to understand the other ACLs that manage the access there.