InServiceNow,Access Control Rules (ACLs)define thepermissionsrequired for users to interact with records, fields, or UI actions. ACLs are enforced at thedatabase leveland are evaluatedbefore granting accessto a user.
Access Control rules can be configured usingthree primary permission requirements:
Rolesdefine aset of permissionsassigned to users.
Access Control rules canrequire users to have a specific role(e.g.,admin,itil,catalog_admin) to perform an action on a table, field, or record.
Example:
A rule might state:Only users with theitilrole can read theIncidenttable.
Conditional expressionsallow access based on a specified condition.
These conditions areevaluated at runtime, and access is granted if they are met.
Example:
A condition could be:"Allow access if the record's 'State' field is 'New'".
This would mean that users can only modify records if their state is "New".
Scriptsallow advanced, custom logic to determine access.
ACLs supportserver-side scripts(written in JavaScript) that use thegs.hasRole(),currentobject, or other logic to evaluate whether a user should have access.
Example:
1. Roles (Correct -)2. Conditional Expressions (Correct -)3. Scripts (Correct -)javascript
CopyEdit
// Allow access only if the user is the requester of the record
answer = current.requested_for== gs.getUserID();
Scripts provideflexibilityby allowing complex access conditions beyond simple roles or expressions.
C. Assignment Rules(Incorrect)
Assignment Rulesare used toautomatically assign recordsto users or groups based on conditions.
They do not defineaccess control permissions.
E. User Criteria(Incorrect)
User Criteriais used inService CatalogandKnowledge Base (KB)to control access to catalog items or knowledge articles.
It isnot usedfor ACLs at the table/field level.
F. Groups(Incorrect)
Groupsare collections of users but cannot be directly used in ACLs.
Instead,roles(which are often assigned to groups) are used to define ACL permissions.
Why Other Options Are Incorrect?
ServiceNow Product Documentation - Access Control Rules
Access Control Rules Overview
Defining Access Control Rules
ServiceNow Security Model
Role-Based Access
Scripted ACLs
References from ServiceNow CSA Documentation:
