The Now Platform® Washington DC release is live. Watch now!

Help
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ACLs evaluate script, even when not advanced

Michael Dobner
Mega Guru

Hi,

assume there is only one table level ACL for Incident.

find_real_file.png

Itil users can now see Incident.

Now, in script, set answer to false.

find_real_file.png

Itil Users can no longer see Incidents (yes assume no parent table acls...).

Now take the "advanced" flag away:

find_real_file.png

Can ITIL users now see Incidents?

Answer: NO

Because the script field is evaluted no matter Advanced is checked or not. => answer = false

Seen in Istanbul Patch 7 Hotfix1 and Jakarta Patch 0.

Was this always like this? Is this on purpose!?! Do I now need to fix script EVERY Acl, that has advanced == false AND script contains something, in order to set the script to "answer = true"?

2 REPLIES 2

antin_s
ServiceNow Employee
ServiceNow Employee

Hi Michael,



Yes, you are right. It may be on purpose, but it seems to be an issue.



You may write a small script to go over all the ACLs which are not advanced and empty the script section.



Hope this helps. Mark the answer as correct/helpful based on impact.



Thanks


Antin


sbh
Giga Guru

In fact, it evaluates the script when Advanced is unchecked and the entire script is commented out. Which makes me think it probably evaluates commented-out lines of scripts I intend to run. To me, that's not expected behavior at all.