
Only specific users cannot see the work_notes in the Risk Mitigation form

Merza Lyn
Giga Guru

We have two users who are unable to see the work notes field in the Risk Mitigation form.

Both users have the role sn_risk.reader.

I created an ACL for these fields with read/write access on the sn_risk_mitigation_task table.

 


Note: I copied the ACL configuration of the sn_risk_acceptance_task since the work notes field here is visible to them.

 


G Ponsekar
Giga Guru

Hi @Merza Lyn ,

 

Work notes is a journal-type field. It is a common misconception that granting read/write on sn_risk_mitigation_task.work_notes is sufficient. In many cases, the platform relies on broader task.work_notes ACLs, and the user needs to meet those requirements as well. The default access to work notes is often restricted to specific roles like itil.

A wildcard ACL on the sn_risk_mitigation_task table or its parent table (e.g., task) could be overriding your specific field-level ACL. For example, a task.* or sn_risk_mitigation_task.* ACL that requires a higher-level role (like sn_risk.admin) will prevent the sn_risk.reader role from seeing the field, even if you have a more specific sn_risk_mitigation_task.work_notes ACL.

 

Use the ACL debugger to check the issue:

  1. Navigate to System Security > Debugging > Debug Security Rules.
  2. Impersonate one of the affected users.
  3. Navigate to a Risk Mitigation record.
  4. Examine the debugging information displayed at the bottom of the page. Look for entries related to work_notes or sn_risk_mitigation_task that show "Failed".
  5. If you find a failed ACL, you can click on its name to investigate why it failed (e.g., condition not met, or a required role is missing).

Also try creating a more generic ACL to check if a different rule is blocking it.

  1. Navigate to the ACL list for sn_risk_mitigation_task.
  2. Find any read/write ACLs on work_notes that don't have a role requirement.
  3. Add the sn_risk.reader role to all of them.

 

 

If I could help you with your query, then please hit the thumb icon and mark as correct!!

 

Thanks, GP

Ankur Bawiskar
Tera Patron

@Merza Lyn 

Did you debug using Access Analyzer to see which ACL is blocking?

Remember both Role + Script should evaluate to TRUE for the ACL to pass.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
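
Added example, not part of either reply and not ServiceNow code: a simplified JavaScript model of the checks discussed in this thread, showing why a user holding sn_risk.reader can still fail a work_notes read ACL and which check (role, condition or script) is responsible. The ACL rows are constructed and the function names are hypothetical; it assumes only rules named exactly for this table are evaluated (inherited and wildcard rules are not modelled) and that a level with no rule counts as failed.

```javascript
// Simplified model of a field read check. Assumptions: classic allow ACLs only,
// inherited and wildcard rules are not modelled, a level with no rule fails.
// Constructed sample rows (not exported from a real instance).
const SAMPLE_ACLS = [
  { name: 'sn_risk_mitigation_task', operation: 'read',
    roles: ['sn_risk.reader'], condition: true, script: true },
  { name: 'sn_risk_mitigation_task.work_notes', operation: 'read',
    roles: ['sn_risk.admin'], condition: true, script: true },
  { name: 'sn_risk_mitigation_task.work_notes', operation: 'read',
    roles: ['sn_risk.reader'], condition: true, script: false },
];

// One ACL passes only when the role, condition and script checks are all true.
function checkAcl(acl, userRoles) {
  const failed = [];
  // An ACL with no roles listed imposes no role requirement.
  if (acl.roles.length > 0 && !acl.roles.some((r) => userRoles.includes(r))) {
    failed.push('role');
  }
  if (!acl.condition) failed.push('condition');
  if (!acl.script) failed.push('script');
  return { name: acl.name, roles: acl.roles, passed: failed.length === 0, failed };
}

// Same-named ACLs are alternatives: one passing rule is enough at that level.
function checkLevel(acls, name, operation, userRoles) {
  const results = acls
    .filter((a) => a.name === name && a.operation === operation)
    .map((a) => checkAcl(a, userRoles));
  return { name, passed: results.some((r) => r.passed), results };
}

// Field access needs the table-level rule AND the field-level rule to pass.
function canAccessField(acls, table, field, operation, userRoles) {
  const tableLevel = checkLevel(acls, table, operation, userRoles);
  const fieldLevel = checkLevel(acls, `${table}.${field}`, operation, userRoles);
  return { allowed: tableLevel.passed && fieldLevel.passed, tableLevel, fieldLevel };
}

// Report for a user who holds only sn_risk.reader, one line per field-level ACL.
const verdict = canAccessField(
  SAMPLE_ACLS, 'sn_risk_mitigation_task', 'work_notes', 'read', ['sn_risk.reader']);
for (const r of verdict.fieldLevel.results) {
  const status = r.passed ? 'Passed' : `Failed (${r.failed.join(', ')})`;
  console.log(`${r.name} [${r.roles.join(', ')}]: ${status}`);
}
console.log(`work_notes readable: ${verdict.allowed}`);
```
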