Restrict access to Email templates only for table HR

rafas_10
Tera Guru

‎04-29-2025 04:55 AM

Hi everyone,

 

I have an OOTB ACL for the 'sys_email_client_template' table. See below:

rafas_10_0-1745927609547.png

This is restricting based on the role. I want to keep this ACL but also create a new one to restrict users so they are not able to see records when the table is 'sn_hr_core_case'. If I duplicate this one and on applies to select table 'sn_hr_core_case' the records keep showing for regular users.

 

How can I prevent the display of every record from the 'sn_hr_core_case' table without deleting this ACL?

 

Thanks in advance!

Labels:
0 Helpfuls
  • 393 Views
4 REPLIES 4

Ankur Bawiskar
Tera Patron
Tera Patron

‎04-29-2025 05:37 AM

@rafas_10 

Do this

1) you can create a new one for your table and add condition, role, script etc in that, in this one add condition as this

AnkurBawiskar_0-1745930222833.png

2) Also in the OOTB ensure you skip that table so that your new ACL is evaluated and it doesn't evaluate the OOTB one

AnkurBawiskar_1-1745930248732.png

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

rafas_10
Tera Guru
In response to Ankur Bawiskar

‎04-29-2025 05:55 AM

Hi @Ankur Bawiskar ,

 

It caught to my atention that I opened in the wrong forum.

 

But regarding your response, I tried it and it didn't work. But if I change the OOTB ACL it works. Any ideia what might be the issue? It's not entering the condition properly?

0 Helpfuls

rafas_10
Tera Guru
In response to Ankur Bawiskar

‎04-29-2025 06:01 AM

@Ankur Bawiskar , Goal is the following:

Users with 'email_client_template_read' role can see email templates for every table except the 'sn_hr_core_case'.

To view 'sn_hr_core_case' they need admin role.

 

But a user can have the admin role and the email_client_template_read. If that happens, I want it to follow the admin role ACL and not the email_client_template_read ACL.

 

Is this achievable?

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to rafas_10

‎04-29-2025 06:21 AM

@rafas_10 

admin will have email_client_template_read role

So you cannot restrict it using roles, you can use script and check explicit roles using gs.hasRole('admin') etc

1) so for "sn_hr_core_case" only admin role is required -> create a new table.None and give admin in roles

2) in the OOTB one, you should update the condition

please use access analyzer and debug which ACL is blocking

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls