Field level ACL is not working even all conditions are satisfied

dineshchoudhary
Kilo Guru

‎11-03-2024 05:42 PM - edited ‎11-03-2024 06:48 PM

We have enabled the Virtual Agent for the Employee Service Center (HRSD), along with Advanced Work Assignment (AWA) and HR Agent Workspace. When end users initiate a chat, it creates and auto-assigns the interaction based on available agents. As an admin, I can edit the state and see the "End Conversation" UI action, which has the following condition:

(current.assigned_to == gs.getUserID() || gs.hasRole('awa_manager')) && current.type == 'messaging' && current.active == true && current.state.canWrite() && !current.isNewRecord() && current.state != "wrap_up"

 

However, agents are unable to change the state of the interaction through either the state field or UI actions. Upon enabling logs, I verified that all conditions of the Access Control List (ACL) are satisfied, yet the result is still evaluated as false, preventing agents from changing the status. PFB snapshot of the ACL debug for your reference.

dineshchoudhary_0-1730684466357.png

 

If anyone has encountered a similar issue in their projects, I would greatly appreciate your insights or suggestions.

0 Helpfuls
  • 592 Views
3 REPLIES 3

AnveshKumar M
Tera Sage
Tera Sage

‎11-03-2024 11:26 PM

Hello @dineshchoudhary 

 

Have you checked the Agent access using Access Analyzer? Try using Access Analyzer and test once, if you can not find the Access Analyzer in your instance, you need to install the plugin.

 

How to use Access Analyzer:

https://docs.servicenow.com/csh?topicname=use-access-analyzer.html&version=latest

 

You can insatll the application from ServiceNow store here:

https://store.servicenow.com/sn_appstore_store.do#!/store/application/21d5e77677171110638cfe21fe5a99...

 

Please mark my answer helpful 👍 and accept as a solution ✔️ if it helped you.

 

Thanks,
Anvesh
0 Helpfuls

dineshchoudhary
Kilo Guru
In response to AnveshKumar M

‎11-05-2024 03:42 PM

Hi @AnveshKumar M ,

 

I did check the access of the user and I am confused with the results. In the debug logs, it did say it passed an ACL however overall access was blocked.

dineshchoudhary_0-1730850091962.png

 

Could you please help if you have details on this.

 

Thanks in advance.

 

Regards

Dinesh

0 Helpfuls

AnveshKumar M
Tera Sage
Tera Sage
In response to dineshchoudhary

‎11-08-2024 02:07 AM

Hello @dineshchoudhary 

The ACL indicates passed but it contains Exclaimatery (<!>) Icon, which indicates, that ACL has script in it. The final access depends on script evaluation when it is executed in real time. So, please check the script in highlighted ACL and debug it.

 

You can check the documentation below,

https://docs.servicenow.com/bundle/xanadu-platform-security/page/integrate/identity/concept/access-a...

 

Please mark my answer helpful 👍 and accept as a solution ✔️ if it helped you.

 

Thanks,
Anvesh
0 Helpfuls