What does these ACLs allows the user to fetch/gather/perform, and from where?

Go to solution
ChrisGetint
Tera Expert

a month ago

Hi team!

I'm working on a ServiceNow user, as well as learning about ACLs and table permissions, and would like to learn what the following ACLs are for, what they allow the user to do/what is their main function or purpose is:

Dictionary Entry [sys_dictionary] 
Field class [sys_glide_object]
Choice [sys_choice]
Journal Entry [sys_journal_field]

Can someone also refer me to some documentation where I can read and learn more about these specific ACLs?

Thanks!

0 Helpfuls
  • 1,079 Views
1 ACCEPTED SOLUTION

Go to solution
GlideFather
Tera Patron

a month ago

Hi @ChrisGetint,

 

these aren't ACLs, they are in "Access control" in your instance.

GlideFather_0-1758836774984.png

 

And they would be in a format:

  • table.none
    • giving access to the whole table
  • table.field1
    • access to the particular field 1
  • table.field2
    • access to the particular field 2
  • table.field3
    • access to the particular field 3
  • table.*
    • access to all the fields that is not explicitly define
    • all the table field except of 1, 2, and 3

Beside that you define the operations - read, write, create, delete.

 

And with all this you can set the access who can read (view) what fields. for example Number will be visible by everybody but a field Salary would be restricted to a group or role...

 

GlideFather_1-1758836833985.png

 

To update or create ACL records you need security admin role, the highest role existing.

 

The tables you mentioned are not granting access:

  • Dictionary Entry [sys_dictionary]
    • definition and attributes of form fields
    • e.g. field Assigned to - defined as reference, Number as integer, etc.
  • Field class [sys_glide_object]
    • definition of fields - string, integer, ...
  • Choice [sys_choice]
    • all the choices in the platform
    • e.g. State > New, Closed, etc
      • State for Inc, states for change, ... as they can vary
  • Journal Entry [sys_journal_field]
    • stores Additional comments and Work notes
    • e.g. from an incident, from a change, all...

For all the tables above add .list and you can do inspection to observe and understand what they store:

GlideFather_2-1758837119866.png

  • sys_glide_object.list
  • sys_dictionary.list
  • etc
———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


View solution in original post

7 REPLIES 7

Go to solution
GlideFather
Tera Patron

a month ago

Hi @ChrisGetint,

 

these aren't ACLs, they are in "Access control" in your instance.

GlideFather_0-1758836774984.png

 

And they would be in a format:

  • table.none
    • giving access to the whole table
  • table.field1
    • access to the particular field 1
  • table.field2
    • access to the particular field 2
  • table.field3
    • access to the particular field 3
  • table.*
    • access to all the fields that is not explicitly define
    • all the table field except of 1, 2, and 3

Beside that you define the operations - read, write, create, delete.

 

And with all this you can set the access who can read (view) what fields. for example Number will be visible by everybody but a field Salary would be restricted to a group or role...

 

GlideFather_1-1758836833985.png

 

To update or create ACL records you need security admin role, the highest role existing.

 

The tables you mentioned are not granting access:

  • Dictionary Entry [sys_dictionary]
    • definition and attributes of form fields
    • e.g. field Assigned to - defined as reference, Number as integer, etc.
  • Field class [sys_glide_object]
    • definition of fields - string, integer, ...
  • Choice [sys_choice]
    • all the choices in the platform
    • e.g. State > New, Closed, etc
      • State for Inc, states for change, ... as they can vary
  • Journal Entry [sys_journal_field]
    • stores Additional comments and Work notes
    • e.g. from an incident, from a change, all...

For all the tables above add .list and you can do inspection to observe and understand what they store:

GlideFather_2-1758837119866.png

  • sys_glide_object.list
  • sys_dictionary.list
  • etc
———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Go to solution
GlideFather
Tera Patron
In response to GlideFather

a month ago - last edited a month ago

@ChrisGetint and also:

  • System dictionary
  • sys_glide_object
    • The sys_glide_object table in ServiceNow stores the definitions and properties of different field types, like "String," "Integer," or "Reference". It defines the characteristics of various field types that are used within the system. This table contains internal system configurations, making it typically hidden from general users and requiring administrative roles (like maintenance or security_admin) to view or modify its records
  • sys_choice
  • sys_journal_field 

 

versus ACL:)

 

 

Thank you for your eventual kudos or accepting solution :))

 
 
———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Go to solution
GlideFather
Tera Patron
In response to GlideFather

4 weeks ago

Hi @ChrisGetint,

 

I put some efforts into this in my free time, would be cool to hear soem feedback from you, please let me know whetehr it answered your question or if you want to discuss simething further

thanks

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Go to solution
ChrisGetint
Tera Expert
In response to GlideFather

4 weeks ago

Hi @GlideFather 

That's exactly what I needed. My apologies for the late response here!

Thank you so much for your time and effort in helping me with this knowledge. I was able to understand a little bit better about users access control and how to fine tune access. 

0 Helpfuls