ACL troubleshooting reference

  • Release version: Zurich
  • Updated July 31, 2025

    ACL troubleshooting includes identifying ACL rule errors and using the debugging tools to fix ACL-related problems.

    Access analyzer

    Access analyzer helps administrators view permissions for a selected user, role, or group. It is a diagnostic security tool that provides comprehensive visibility into resource permissions and access controls at the Access Control List (ACL) level, so you can understand who has access to your resources, identify overly permissive configurations, and maintain least-privilege access principles. To learn more about how to use the tool, see Access analyzer.

    Enable debugging

    Enable debugging to help troubleshoot an issue.

    Table 1. Troubleshoot
    | Error or symptom | Solution |
    | --- | --- |
    | You cannot access records from a custom table. | Create a table ACL rule for the custom table granting users access to the table. Without an explicit table ACL rule, users must pass the permissions in the table wildcard (*) ACL rule, which by default restricts access to administrators only. Enable debugging and determine what ACL rules are evaluated for the custom table. |
    | You create a custom ACL rule that does not work properly. | The most likely problems are that another rule takes precedence over your custom rule in the processing order or that the user does not meet all the permission requirements for the object type. Enable debugging and verify that the ACL rule is being evaluated. |
    | Your field ACL rule does not work properly. | There is likely a table ACL rule that the user has not met. Enable debugging and determine what ACL rules are evaluated for the field. Verify that there is not a conflicting table ACL rule or duplicate field ACL rule. |
    | Your table ACL rule does not work properly. | There is either an ACL rule higher in the processing order or a duplicate table ACL rule interfering with the table ACL rule. Enable debugging and determine what ACL rules are evaluated for the table. |
    | You can see a field in a list but not in a form. | It is possible that the ACL rule conditions or script are being triggered in the list but not in the form. Enable debugging and determine when the ACL rules evaluate to true. Update the conditions or script to have the same behavior on the list and form. |
    | You receive an error message when trying to execute a processor or client-callable script include. | There is an ACL rule for the processor or client-callable script include that the user has not met. If the user should have access to the object, enable debugging and determine what ACL rules are evaluated for the processor or script include. Update the ACL rule or the user roles as needed to access the object. |
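
The custom-table and field-rule rows above both come down to which rule is actually evaluated. As an added example (not ServiceNow code and not part of the original page), this simplified JavaScript model traces the table stage, including the wildcard (*) fallback, and then the field stage. The rule names, roles and matching logic are assumptions made for illustration.

```javascript
// Constructed sample rules; names such as u_asset and u_finance are hypothetical.
const RULES = [
  { name: '*', operation: 'read', roles: ['admin'] }, // wildcard default: admins only
  { name: 'u_asset', operation: 'read', roles: ['u_asset_user'] },
  { name: 'u_asset.u_cost', operation: 'read', roles: ['u_finance'] },
  { name: 'u_asset.u_cost', operation: 'read', roles: ['u_audit'] }, // duplicate name
];

// Model assumption: a rule passes when the user holds any of its roles.
const passes = (rule, user) => rule.roles.some((r) => user.roles.includes(r));

// Return the rules for the first candidate name that has any (most specific first).
function matchRules(rules, candidates, operation) {
  for (const name of candidates) {
    const hits = rules.filter((r) => r.name === name && r.operation === operation);
    if (hits.length > 0) return hits;
  }
  return [];
}

// Trace which rules are evaluated: the table stage first, then the field stage.
function traceAccess(rules, user, table, field, operation) {
  const stages = [{ stage: 'table', candidates: [table, '*'] }];
  if (field) stages.push({ stage: 'field', candidates: [`${table}.${field}`] });
  const trace = [];
  let allowed = true;
  for (const { stage, candidates } of stages) {
    const hits = matchRules(rules, candidates, operation);
    // Model assumptions: no matching rule means no restriction at that stage,
    // and passing any one of several same-name rules is enough.
    const ok = hits.length === 0 || hits.some((r) => passes(r, user));
    trace.push({ stage, evaluated: hits.length ? hits[0].name : null,
                 duplicates: hits.length > 1, ok });
    allowed = allowed && ok;
    if (!ok) break; // an unmet table rule blocks the field whatever the field rule says
  }
  return { allowed, trace };
}

const financeUser = { roles: ['u_finance'] }; // constructed user
// Field rule matches the user's role, but the table rule is not met.
console.log(JSON.stringify(traceAccess(RULES, financeUser, 'u_asset', 'u_cost', 'read')));
// Custom table with no explicit rule falls back to the wildcard rule.
console.log(JSON.stringify(traceAccess(RULES, financeUser, 'u_new_table', null, 'read')));
```

The `duplicates` flag in the trace marks stages where more than one rule shares a name, which is the situation the table tells you to check for when a rule does not behave as expected.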