Regarding access controls

sree vidya · ‎04-16-2024

Hi Community,

Here is my question: What if we have 2 ACLs, on the one hand, one allows write access on a field to all users, who are having "snc_internal" role, while the other allows write access to the same field to all users, who have "itil" role? Who will get the access at the end?

johnfeist · ‎04-17-2024

Take a look at Created By and Updated By. If it was created or updated by someone from your organization you will see their name, if it's OOTB it will show something like system, admin, maint or a person outside of your organization.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

View solution in original post

johnfeist · ‎04-16-2024

Hi Sree,

snc_internal is a default role that goes to your users who have no other role but are identified as part of your organization. On that basis, you should be able to eliminate having two ACLs since your itil users should have access via that role as well. Try a simple test, turn off the itil rule, impersonate and itil user and see what happens. The way that the ACLs work is that as long as a user meets the criteria for any of the ACLS for a given action, it will go through.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

sree vidya · ‎04-16-2024

I understood but my question is why having a separate ACL for ITIL role, when there is an ACL with the "snc_internal", that allows access to even users with the ITIL role.

johnfeist · ‎04-16-2024

Based on the information you provided, I don't know if the ACLs in question are OOTB or if they were created by someone in your organization. You can also modify one of them to allow either role if needed. Having done that, you'll only have one ACL in play.

Hope that helps.

:{)

Helpful and Correct tags are appreciated and help others to find information faster

sree vidya · ‎04-17-2024

Thanks for the info. But, how to check whether they are OOTB?