As software people, we often think in Boolean expressions: Things are black or white, true or false, red or green. The same goes for access permissions in ServiceNow. You either have access or you do not; there are no grey areas.
I often hear "I have given the ITIL role this access, why does it not work?"
When we run Debug Security, it tells us "yes" or "no" on access rights. However, understanding the grey areas may prevent some issues from cropping up, or help solve issues when they occur, while evaluating row level and field level Access Control Lists (ACLs).
Now that we know the difference between row level and field level, how are they evaluated? The answer is best explained with a picture:
This means that it will evaluate:
An ACL that allows you to write on any row level and denies access on all field levels will not allow access to the record, because of the AND between row level and field level. Only an ACL that allows you to write on any row level and allows you to write on any field level will allow you to write to the record.
Assuming the row level ACLs evaluate to True, what if some field level ACLs evaluate to true and some do not? The answer is that it depends on the type of field level ACLs. Those that are read and evaluate to True will allow the field to display. Those that are read and evaluate to False will prevent the field from displaying. If the read ACL evaluates to true and the write ACL evaluates to false, the field will display in read only mode.
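The evaluation described above, as an added example that is not part of the original post and is not ServiceNow's own code: a simplified JavaScript model of "row level AND field level" that reports whether a field ends up hidden, read-only or editable. The rule shape, the sample rules, the `itil_admin` and `finance` roles and the `u_internal_cost` field are constructed for illustration; the model assumes a rule naming a field takes precedence over the `*` wildcard and that a level with no matching rule denies.

```javascript
// Simplified model of the evaluation described in the post. This is not
// ServiceNow's engine; the rule shape and sample rules are constructed.
const rules = [
  { op: 'read',  level: 'row',   roles: ['itil'] },
  { op: 'write', level: 'row',   roles: ['itil'] },
  { op: 'read',  level: 'field', field: '*',               roles: ['itil'] },
  { op: 'write', level: 'field', field: '*',               roles: ['itil'] },
  { op: 'write', level: 'field', field: 'work_notes',      roles: ['itil_admin'] },
  { op: 'read',  level: 'field', field: 'u_internal_cost', roles: ['finance'] },
];

// A rule passes when the user holds at least one of its roles.
const passes = (rule, userRoles) => rule.roles.some((r) => userRoles.includes(r));

// Row level: some row rule for the operation must pass.
function rowAllowed(op, userRoles) {
  return rules.some((r) => r.op === op && r.level === 'row' && passes(r, userRoles));
}

// Field level: rules naming the field win over the '*' wildcard (model
// assumption); with no matching rule the result is a deny.
function fieldAllowed(op, field, userRoles) {
  const fieldRules = rules.filter((r) => r.op === op && r.level === 'field');
  const specific = fieldRules.filter((r) => r.field === field);
  const chosen = specific.length ? specific : fieldRules.filter((r) => r.field === '*');
  return chosen.some((r) => passes(r, userRoles));
}

// Access requires row level AND field level.
const can = (op, field, userRoles) =>
  rowAllowed(op, userRoles) && fieldAllowed(op, field, userRoles);

// What the form shows for one field.
function fieldState(field, userRoles) {
  if (!can('read', field, userRoles)) return 'hidden';
  return can('write', field, userRoles) ? 'editable' : 'read-only';
}

for (const roles of [['itil'], ['finance']]) {
  for (const f of ['short_description', 'work_notes', 'u_internal_cost']) {
    console.log(roles.join(','), f, fieldState(f, roles));
  }
}
```

The `finance` user is the "I gave the role this access, why does it not work?" case: the field level read rule passes, but no row level rule does, so the field stays hidden.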