
How to achieve the below scenario by using ACL?

harshacool9
Giga Contributor

"I created a custom table that extends from the Task table. After configuring the ACL, when I impersonate an ITIL user, I am still able to see all the records."

 

Scenario
In the Incident table:

  • ITIL users can read incidents.

  • But users can only see incidents assigned to their group.

1 ACCEPTED SOLUTION

Tejas Adhalrao
Kilo Sage

Hi @harshacool9  ,

Your table extends Task, so it automatically inherits. ITIL can read incidents.

There are Read ACLs that restrict visibility to: Assigned to user, Assigned to user's group, Opened by user, etc.

So just giving itil role access is NOT enough.  You must add a condition or script in the Read ACL.

 

 

1) Create a new ACL

 

  • Table: your_custom_table

  • Operation: read

  • Requires role: itil

  • Advanced checkbox is true

 

2) Add this script in the ACL

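// Deny by default; grant read only in the cases below.
answer = false;

if (gs.hasRole('admin')) {
    // Admins can read every record.
    answer = true;
} else if (current.assignment_group &&
           gs.getUser().isMemberOf(current.assignment_group)) {
    // The record has an assignment group and the current user belongs to it.
    answer = true;
}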

 

Script defined:

  • Admin → Can see everything

  • ITIL → Can see only records where:

    • assignment_group = group they belong to

 

 If you found my solution helpful, please mark it as Helpful or Accepted Solution...!

thanks,

tejas

Email: adhalraotejas1018@gmail.com

LinkedIn: https://www.linkedin.com/in/tejas1018
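
An added example, not part of the original post and not ServiceNow platform code: a simplified JavaScript model of how the ACL script above filters records, and of why a second role-only read ACL on the same table would still expose every record. The `makeGs` stub, the sample users and records, and the rule that passing any one matching ACL grants access are assumptions of this model.

```javascript
// Simplified model of read-ACL evaluation (assumption, not platform code):
// within one ACL the role AND the script must both pass; when several ACLs
// match the same table and operation, passing any one of them grants access.

// Hypothetical stand-in for the gs API, bound to one constructed user.
function makeGs(user) {
  return {
    hasRole: (role) => user.roles.includes(role),
    getUser: () => ({ isMemberOf: (group) => user.groups.includes(group) }),
  };
}

// The ACL script from the answer, wrapped in a function so it can be tested.
function groupScopedScript(gs, current) {
  let answer = false;
  if (gs.hasRole('admin')) {
    answer = true;
  } else if (current.assignment_group &&
             gs.getUser().isMemberOf(current.assignment_group)) {
    answer = true;
  }
  return answer;
}

const scriptedAcl = { role: 'itil', script: groupScopedScript };
const roleOnlyAcl = { role: 'itil', script: () => true }; // role check only

// Return the numbers of the records the user can read under the given ACLs.
function visibleRecords(user, records, acls) {
  const gs = makeGs(user);
  return records
    .filter((rec) => acls.some((acl) => gs.hasRole(acl.role) && acl.script(gs, rec)))
    .map((rec) => rec.number);
}

// Constructed sample data; the admin user is given itil explicitly here.
const itilUser = { roles: ['itil'], groups: ['Network'] };
const adminUser = { roles: ['admin', 'itil'], groups: [] };
const records = [
  { number: 'TASK001', assignment_group: 'Network' },
  { number: 'TASK002', assignment_group: 'Database' },
  { number: 'TASK003', assignment_group: '' }, // unassigned record
];

console.log(visibleRecords(itilUser, records, [scriptedAcl]));              // scripted ACL only
console.log(visibleRecords(itilUser, records, [scriptedAcl, roleOnlyAcl])); // role-only ACL also present
console.log(visibleRecords(adminUser, records, [scriptedAcl]));             // admin
```

When an impersonated ITIL user still sees every record, the second call shows the pattern to look for: another read ACL on the table that the user passes on role alone.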

 

 
