The Elements of an ACL
To get a good understanding of an ACL, let's start by reviewing the fields on the ACL form. Doing this will give you a fundamental understanding of how the elements of an ACL and their values affect its operation.
Image: The fields of an ACL record
Image: The Conditions section of the ACL form
Key Elements of an ACL
The values of an ACL's fields define how the ACL is applied and evaluated. For example, the choice between Allow If and Deny Unless for the Decision Type field has a dramatic impact on how multiple ACLs protecting one object will be evaluated, and the Applies To field determines whether an ACL is ever applied to a particular record in a table or simply ignored.
In the following lessons we will gain a deep understanding of the key ACL elements, their values and effects with a focus on the type, operation, decision type, name, roles, conditions, and scripts components.
Before we dive deeper, let's do a quick introduction to these key elements.
The Type of an ACL specifies the type of object within ServiceNow that the ACL protects. Types include records, ui_pages, processors, REST_endpoints, client_callable_script_includes and more.
The Operation determines what action is being protected. Common operations include create, read, write, delete and execute.
The Decision Type is new in Xanadu and determines the way in which an ACL operates with regard to allowing or denying access to the protected object. Decision Type also impacts the order in which an ACL is evaluated in relation to other ACLs protecting a similar object.
The Name of an ACL identifies the ACL and, for ACLs of Type = Record and ui_page, determines the scope at which the ACL applies. The Name field operates in different ways for different ACL Types, which we will cover later.
Data and Security Attribute Conditions define the conditions that users must pass in order to access the data you are protecting.
Required roles describe the roles which users must have to access the object protected by an ACL.
Script Condition combines with the Required roles and other conditions to provide options for achieving more complex access control requirements.
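The following JavaScript sketch is an added example, not ServiceNow's own code or part of the original lesson. It models how Required roles, conditions and script combine within one ACL and how Decision Type changes the outcome when several ACLs protect the same object. It assumes exact Name matching, that every Deny Unless ACL must pass before any Allow If ACL can grant access, and a constructed incident table with hypothetical caller and confidential fields.

```javascript
// Simplified model of ACL evaluation (added example, not ServiceNow's engine).
// Assumptions: exact Name match only, a user needs any one of the required
// roles, and access is denied when no Allow If ACL passes.

// One ACL passes only when roles, condition and script ALL pass.
function aclPasses(acl, user, record) {
  const rolesOk = acl.roles.length === 0 ||
    acl.roles.some(role => user.roles.includes(role));
  const conditionOk = acl.condition ? acl.condition(record) : true;
  const scriptOk = acl.script ? acl.script(user, record) : true;
  return rolesOk && conditionOk && scriptOk;
}

// Every matching Deny Unless ACL must pass, then at least one Allow If ACL.
function canAccess(acls, type, name, operation, user, record) {
  const matching = acls.filter(a =>
    a.type === type && a.name === name && a.operation === operation);
  const denyUnless = matching.filter(a => a.decisionType === 'Deny Unless');
  const allowIf = matching.filter(a => a.decisionType === 'Allow If');
  // A single failed Deny Unless ACL blocks access, whatever else passes.
  if (!denyUnless.every(a => aclPasses(a, user, record))) return false;
  // Passing Deny Unless ACLs grants nothing; an Allow If ACL must pass too.
  return allowIf.some(a => aclPasses(a, user, record));
}

// Constructed sample ACLs; "caller" and "confidential" are hypothetical fields.
const sampleAcls = [
  { type: 'record', name: 'incident', operation: 'read', decisionType: 'Allow If',
    roles: ['itil'], condition: null, script: null },
  { type: 'record', name: 'incident', operation: 'read', decisionType: 'Allow If',
    roles: [], condition: null, script: (user, record) => record.caller === user.id },
  { type: 'record', name: 'incident', operation: 'read', decisionType: 'Deny Unless',
    roles: [], condition: record => !record.confidential, script: null },
];
```

With these sample ACLs, a user holding the itil role can read an ordinary incident through the first Allow If ACL, but the Deny Unless ACL blocks the same user on a record flagged confidential.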
Now that we have had an introduction to the key elements of an ACL, let's review them in more depth.
Lesson Summary
Components of ACLs in ServiceNow are crucial for managing access control effectively. The key components include:
- Type: Specifies the type of object the ACL protects, such as Records, ui_pages, processors, REST_endpoints, or client_callable_script_includes.
- Operation: Determines the action being safeguarded, like read, write, or delete.
- Decision Type: Defines whether access is allowed if certain conditions are met (Allow If) or denied unless conditions are satisfied (Deny Unless), impacting how multiple ACLs for the same object function.
- Name: Identifies the ACL, with implications for its scope in cases like Record, ui_page, and client_callable_script_include types.
- Conditions: Establish the criteria for user access to protected data.
- Roles: Determine user access based on their assigned roles.
- Scripts: Work alongside roles and conditions to offer more advanced access control possibilities.
Understanding these components and their values is essential for grasping how ACLs operate and influence access control in ServiceNow. By delving into the details of each field on the ACL form and exploring their impact on ACL evaluation and execution, you can gain a comprehensive insight into effectively managing access and security within your ServiceNow environment.