ACLs are like a lock and key

Understanding ACLs is one of the most important things for a ServiceNow administrator and developer.

I like to think of them as locks and keys or, if you're more modern, keycards.

A row ACL is locking the door into the room.

A column ACL is locking a cabinet within that room.

This came up from a question in the sndevs.com Slack, where someone was asking about preventing users from reporting on a specific column in their table. But this is a backwards way to think about it. Instead of trying to restrict a class of users, think about who should have access. Is it a column that is only needed for managers and not needed for agents? In other words, you don't want to set up a system where a door is unlocked at rest and is only locked for certain people.

The doors and cabinets analogy reinforces that you need row level access to do anything with column level access. Having the key to a cabinet in a room you can't enter does not give you access to the cabinet.
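A simplified model of both points, added here as an example; it is not ServiceNow's ACL engine or code from the original post. The table `u_case`, the field `u_margin`, the role names, and the rule that a missing lock means "locked" are all assumptions made for illustration.

```javascript
// Simplified lock-and-key model; names and default-deny rule are assumptions.

// Allow-list design: every lock names the roles that hold a key.
const allowListAcls = [
  { name: "u_case", operation: "read", roles: ["agent", "manager"] },            // the room
  { name: "u_case.u_margin", operation: "read", roles: ["manager", "auditor"] }, // the cabinet
];

// True only if a lock exists for this name and the user holds one of its keys.
function holdsKey(acls, name, operation, userRoles) {
  const rule = acls.find((a) => a.name === name && a.operation === operation);
  if (!rule) return false; // no lock defined is treated as locked in this model
  return rule.roles.some((r) => userRoles.includes(r));
}

// Row check first (door), column check second (cabinet). Both must pass.
function canReadField(acls, table, field, userRoles) {
  if (!holdsKey(acls, table, operationRead, userRoles)) return false;
  return holdsKey(acls, `${table}.${field}`, operationRead, userRoles);
}
const operationRead = "read";

// Deny-list design: the door is unlocked at rest and locked only for named roles.
function denyListCanReadField(blockedRoles, userRoles) {
  return !userRoles.some((r) => blockedRoles.includes(r));
}

// Compare both designs for constructed users, including a role created
// after the rules were written ("contractor").
function compareDesigns() {
  const users = {
    agent: ["agent"],
    manager: ["manager"],
    auditor: ["auditor"],       // has the cabinet key but not the room key
    contractor: ["contractor"], // role nobody thought about when writing rules
  };
  const result = {};
  for (const [who, roles] of Object.entries(users)) {
    result[who] = {
      allowList: canReadField(allowListAcls, "u_case", "u_margin", roles),
      denyList: denyListCanReadField(["agent"], roles),
    };
  }
  return result;
}

console.log(compareDesigns());
```

The `auditor` row shows the cabinet key failing without the room key, and the `contractor` row shows the deny-list design granting access to a role the rule author never considered.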
