Restrict access to Email templates only for table HR
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2025 04:55 AM
Hi everyone,
I have an OOTB ACL for the 'sys_email_client_template' table. See below:
This is restricting based on the role. I want to keep this ACL but also create a new one to restrict users so they are not able to see records when the table is 'sn_hr_core_case'. If I duplicate this one and on applies to select table 'sn_hr_core_case' the records keep showing for regular users.
How can I prevent the display of every record from the 'sn_hr_core_case' table without deleting this ACL?
Thanks in advance!
- Labels:
-
Incident Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2025 05:37 AM
Do this
1) you can create a new one for your table and add condition, role, script etc in that, in this one add condition as this
2) Also in the OOTB ensure you skip that table so that your new ACL is evaluated and it doesn't evaluate the OOTB one
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2025 05:55 AM
Hi @Ankur Bawiskar ,
It caught to my atention that I opened in the wrong forum.
But regarding your response, I tried it and it didn't work. But if I change the OOTB ACL it works. Any ideia what might be the issue? It's not entering the condition properly?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2025 06:01 AM
@Ankur Bawiskar , Goal is the following:
Users with 'email_client_template_read' role can see email templates for every table except the 'sn_hr_core_case'.
To view 'sn_hr_core_case' they need admin role.
But a user can have the admin role and the email_client_template_read. If that happens, I want it to follow the admin role ACL and not the email_client_template_read ACL.
Is this achievable?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2025 06:21 AM
admin will have email_client_template_read role
So you cannot restrict it using roles, you can use script and check explicit roles using gs.hasRole('admin') etc
1) so for "sn_hr_core_case" only admin role is required -> create a new table.None and give admin in roles
2) in the OOTB one, you should update the condition
please use access analyzer and debug which ACL is blocking
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader