scoped ACL are not evaluating if it passes global acl

Keyurkumar Chau
ServiceNow Employee
ServiceNow Employee

At first it runs global acls and it passes then it is not checking for scoped acls even it satisfy the condition of it.

So how we can runs the scoped acls?

 

Screenshot 2024-08-06 at 11.02.42 AM.png

8 REPLIES 8

Why do you expect ACLs that are protecting a scoped record to be evaluated when you are opening an OOB table record? 

What is your use case? You say you want to protect scoped records through ACL. What does that have to do with the kb_feedback record which is OOB? What are you evaluating? How do you expect to evaluate scoped access by opening global records?


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

kb_feedback record is not scope separated but there is one reference field knowledge and knowledge.kb_knowledge_base record is scoped, so we wants to run if that matches the scope then it should evaluate that scope acls only for kb_feedback record like below:
Screenshot 2024-08-06 at 12.38.21 PM.png 

Your script says: answer=false. This means that this will always return false, no matter what. 

The problem you are facing due to your dotwalking, is that your user needs read rights on the tables to check on every step of your dotwalk, otherwise it can't evaluate. So if the user is not allowed to read the application scope, this ACL can't be evaluated. 

How many knowledge base are on that application? Just exclude the knowledge base itself.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Let's say I am removing condition it-self, still it is not evaluating

Screenshot 2024-08-06 at 4.30.59 PM.png

There are 4 knowledge base are in that scope.