
To * or Not to *: Demonstration Setup

- The document discusses the use of "ACL None" and "ACL *" in ServiceNow to control access to records and fields.
- "ACL None" grants access to all records and fields, while "ACL *" grants access to records and any fields not specified in other ACLs.
- An example demonstrates that an ACL with just "ACL None" grants all users access to all fields, while adding an ACL with a specific field denies that field to other users.
- Another example shows that adding "ACL *" to an ACL with "ACL None" denies access to all other users for all fields, even if they were granted by "ACL None".

On the "Developer" site you can find a course with a great explanation of the use of ACL * and ACL None:

https://developer.servicenow.com/app.do#!/lp/new_to_servicenow/app_store_learnv2_securingapps_kingston_to_or_not_to?v=kingston

Here is the explanation from the "Developer" site, with the example.

To * or Not to *
The Name field in an Access Control specifies the table records to protect and a field to protect. The
field list has a –None– option and a * option.

- –None–: Grant access to records and all fields in the records.
- *: Grant access to all fields where there is no field-specific Access Control.

At first glance, –None– and * seem to grant the same thing: access to all fields on a record. To tell
the difference in behavior, you need to see how –None– and * work together and with other Access
Controls.
 

Demonstration Setup
The examples use an application called Generic that has a single table called Table. Table has five
columns: Field 1, Field 2, Field 3, Field 4, and Field 5.

 
The application has two roles:

- x_58872_generic.admin, assigned to Fred Luddy
- x_58872_generic.table_user, assigned to Beth Anglin

–None– without *
Examine the two read Access Controls. Pay attention to the field value and the roles. The
screenshots have been edited to show only the pertinent parts of the Access Control.

 
Using this Access Control List (ACL), Fred can see:

 
Using this ACL, Beth can see:

 
How does this work?

- The None Access Control granted all rows and all fields to both Fred and Beth.
- The Field 3 Access Control granted Field 3 access to Fred. Giving Field 3 explicitly to Fred
  removed Field 3 access from Beth even though she was granted Field 3 access by the None
  Access Control.

–None– with *
Examine the three read Access Controls. Pay attention to the field value and the roles. The
screenshots have been edited to show only the pertinent parts of the Access Control.

 
Using this ACL, Fred can see:

 
Using this ACL, Beth can see:
 
How does this work?

- The None Access Control granted all rows and all fields to both Fred and Beth.
- The * Access Control granted all rows and all fields to Fred. It seems redundant to have this
  Access Control because Fred already had access to all rows and all fields. The purpose of
  this Access Control is to deny access to all other roles, even roles granted permission by the
  None Access Control.
- The Field 3 Access Control explicitly gives Beth access to Field 3 even though Beth was
  denied access to Field 3 by the * Access Control. Field-specific Access Controls take
  precedence over * Access Controls.

Conclusions
You cannot write * Access Controls without None because only None grants access to records.
When writing an ACL that mostly grants access, use only None.
When writing an ACL that mostly denies access, use None and *.
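
The precedence rules above can be checked with a small model. This is an added example, not code from ServiceNow or from the original document: it is a simplified model that ignores Access Control conditions and scripts, and the role lists on each Access Control are assumptions reconstructed from the explanation text, since the screenshots are not reproduced here.

```javascript
// Simplified model of the read Access Control precedence described above.
// Assumption: role lists per ACL are reconstructed from the explanation text.
const FIELDS = ["Field 1", "Field 2", "Field 3", "Field 4", "Field 5"];
const ADMIN = "x_58872_generic.admin";
const USER = "x_58872_generic.table_user";
const users = { Fred: [ADMIN], Beth: [USER] };

// An ACL is { field: null (None) | "*" | "<field name>", roles: [...] }.
function passes(acl, userRoles) {
  return acl.roles.some((r) => userRoles.includes(r));
}

function visibleFields(acls, userRoles) {
  // Only the None ACL grants access to records at all.
  const none = acls.filter((a) => a.field === null);
  if (!none.some((a) => passes(a, userRoles))) return [];
  const star = acls.filter((a) => a.field === "*");
  return FIELDS.filter((f) => {
    // A field-specific ACL takes precedence over *, and * over None.
    const specific = acls.filter((a) => a.field === f);
    if (specific.length) return specific.some((a) => passes(a, userRoles));
    if (star.length) return star.some((a) => passes(a, userRoles));
    return true; // no narrower ACL exists, so the None grant stands
  });
}

// "None without *": Field 3 is given explicitly to the admin role only.
const noneWithoutStar = [
  { field: null, roles: [ADMIN, USER] },
  { field: "Field 3", roles: [ADMIN] },
];
// "None with *": * denies every other role, Field 3 is re-opened for table_user.
const noneWithStar = [
  { field: null, roles: [ADMIN, USER] },
  { field: "*", roles: [ADMIN] },
  { field: "Field 3", roles: [USER] },
];
// "* without None": nobody reaches the records, so nothing is visible.
const starOnly = [{ field: "*", roles: [ADMIN] }];

for (const [name, roles] of Object.entries(users)) {
  console.log(name, "| None without *:", visibleFields(noneWithoutStar, roles));
  console.log(name, "| None with *:", visibleFields(noneWithStar, roles));
  console.log(name, "| * only:", visibleFields(starOnly, roles));
}
```
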
 
