ACL

Go to solution
anurag_b
Tera Contributor

‎01-14-2025 09:54 PM

For Incident form, There is ACL which is restricting write access for a role and there is another ACL which allows user with same role to write. Which ACL will work, Will the user with that role able to write or not?

  • 1,317 Views
5 ACCEPTED SOLUTIONS

Go to solution
Zach Koch
Giga Sage

‎01-15-2025 09:50 AM

ACLs work by Granting access, not restricting. So for example, when you create an ACL, the role that you give it grants access, and by default "restricts" other roles, but not explicitly. So what that means is that even though the role doesn't meet the first ACL, it will meet the second ACL allowing the user to write to it.

If this information helped resolve your issue, please remember to mark response correct and thumbs up to help future community members on this information, thanks!

View solution in original post

Go to solution
Abhishek_Thakur
Mega Sage

‎01-15-2025 10:03 AM

Hello @anurag_b ,

I agree with the explanation by @Zach Koch . Just to summarize it as per your scenario the only ACL will work that will grant the user with the write access.

 

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Abhishek Thakur

View solution in original post

Go to solution
yuvarajkate
Giga Guru

‎01-15-2025 09:59 PM

ACL that grants access will work.

View solution in original post

Go to solution
vishwajeet5550
Mega Guru

‎01-15-2025 10:01 PM

For a user to gain write access, all ACLs must grant permission. If even one ACL denies write access, the user will be blocked from writing, regardless of other ACLs allowing it.

In your case, since one ACL restricts write access and another allows it for the same role, the restrictive ACL will take precedence. As a result, the user will not be able to write to the Incident form.

To resolve this conflict, you may need to adjust or remove the restrictive ACL to ensure consistent permissions.

View solution in original post

Go to solution
PritamG
Mega Guru

‎01-15-2025 10:13 PM

The user will not be able to write because deny ACLs take precedence over allow ACLs

View solution in original post

5 REPLIES 5

Go to solution
Zach Koch
Giga Sage

‎01-15-2025 09:50 AM

ACLs work by Granting access, not restricting. So for example, when you create an ACL, the role that you give it grants access, and by default "restricts" other roles, but not explicitly. So what that means is that even though the role doesn't meet the first ACL, it will meet the second ACL allowing the user to write to it.

If this information helped resolve your issue, please remember to mark response correct and thumbs up to help future community members on this information, thanks!

Go to solution
Abhishek_Thakur
Mega Sage

‎01-15-2025 10:03 AM

Hello @anurag_b ,

I agree with the explanation by @Zach Koch . Just to summarize it as per your scenario the only ACL will work that will grant the user with the write access.

 

Please mark my answer as accepted solution and give thumbs up, if it helps you.

Regards,

Abhishek Thakur

Go to solution
yuvarajkate
Giga Guru

‎01-15-2025 09:59 PM

ACL that grants access will work.

Go to solution
vishwajeet5550
Mega Guru

‎01-15-2025 10:01 PM

For a user to gain write access, all ACLs must grant permission. If even one ACL denies write access, the user will be blocked from writing, regardless of other ACLs allowing it.

In your case, since one ACL restricts write access and another allows it for the same role, the restrictive ACL will take precedence. As a result, the user will not be able to write to the Incident form.

To resolve this conflict, you may need to adjust or remove the restrictive ACL to ensure consistent permissions.