ServiceNow ACL Interview Questions

What is an ACL?

An access control is a security rule defined to restrict the permissions of a user from viewing and interacting with data. Most security settings are implemented using access controls.

All access control list rules specify:
1. The object and operation being secured
2. The permissions required to access the object

What are the different types of ACL?

Based on the operation, ACLs are divided into 4 types, i.e. Create, Read, Write, Delete.

Based on the level, ACLs are divided into 3 types:
- Table level ACL with None
- Table level ACL with * Wildcard
- Field level ACL

What is the difference between Table.none and Table.* ACL?

- Table.none is a row-level ACL which allows you to access records.
- Table.* is a field-level ACL which gives access to all fields on the table.

Below are scenarios that show how the none and * ACLs work together:

1. If we define a READ ACL with Table.None for users with the roles ITIL and ITIL_ADMIN

Result: Both ITIL_ADMIN and ITIL users will be able to view all records because they have read access to all records with no field-level restrictions.

2. If we define a READ ACL with Table.None for ITIL_ADMIN and ITIL, and Table.* for ITIL_ADMIN

Result: Only ITIL_ADMIN will have read access because Table.* is an explicit rule at the field level that grants only ITIL_ADMIN read access to all fields.

3. If we define a READ ACL with Table.None for ITIL_ADMIN and Table.* for ITIL

Result: ITIL will not be able to view any records because they only have read access at the field level and not at the record/row level.

If we have an ACL that makes a field read only and a UI policy that makes it editable, what would be the result?

The field will still be read only. It doesn't matter if a UI policy or client script makes it editable; the user has to pass the ACL rules to gain edit access.

Provide all the ACL details required to achieve the scenario below:
Users with Role A should have write access to all fields except Configuration Item on the incident table, and users with Role B should have write access to the Configuration Item field, with all other fields read only.

1. Create a new Table.None Read ACL and add both Role A and Role B, which gives both sets of users row-level read access.

2. Create a new Table.None Write ACL and add both Role A and Role B, which gives them row-level write access.

3. Create a new Table.* Write ACL and add Role A only, which allows Role A users to edit all fields on the incident table.

4. Create a new Table.configuration_item Write ACL and add Role B, which allows only Role B to edit Configuration Item and does not give Role A users edit access to it.
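
The three Table.None / Table.* scenarios and the Role A / Role B answer above can be checked with a small model of the matching logic. This is an added JavaScript example, not ServiceNow platform code or this page's own: the role names `role_a` and `role_b`, the sample field `short_description`, and the deny-when-no-row-rule default are assumptions, while `configuration_item` is the field name used above.

```javascript
// Added illustration: a simplified model of ACL matching, not ServiceNow platform code.
// Rule names follow the page: "incident" = Table.none (row level),
// "incident.*" = all fields, "incident.<field>" = one field.
const makeAcl = (name, operation, roles) => ({ name, operation, roles });

// A user passes a group of same-named rules if they hold a role on at least one of them.
const passesAny = (rules, userRoles) =>
  rules.some(rule => rule.roles.some(role => userRoles.includes(role)));

function canAccess(acls, userRoles, table, field, operation) {
  const named = n => acls.filter(a => a.name === n && a.operation === operation);

  // 1. Row level (Table.none). Assumption of this sketch: no rule means denied.
  const rowRules = named(table);
  if (rowRules.length === 0 || !passesAny(rowRules, userRoles)) return false;

  // 2. Field level: the most specific rule that exists decides.
  const fieldRules = named(`${table}.${field}`);
  if (fieldRules.length > 0) return passesAny(fieldRules, userRoles);
  const wildcardRules = named(`${table}.*`);
  if (wildcardRules.length > 0) return passesAny(wildcardRules, userRoles);

  // No field-level rule at all: row-level access is enough.
  return true;
}

// Scenarios 1-3 from the Table.none vs Table.* section.
const scenario1 = [makeAcl('incident', 'read', ['itil', 'itil_admin'])];
const scenario2 = [...scenario1, makeAcl('incident.*', 'read', ['itil_admin'])];
const scenario3 = [makeAcl('incident', 'read', ['itil_admin']),
                   makeAcl('incident.*', 'read', ['itil'])];

// The Role A / Role B answer, steps 1-4 (role_a and role_b are constructed names).
const roleAB = [
  makeAcl('incident', 'read', ['role_a', 'role_b']),
  makeAcl('incident', 'write', ['role_a', 'role_b']),
  makeAcl('incident.*', 'write', ['role_a']),
  makeAcl('incident.configuration_item', 'write', ['role_b']),
];

function report() {
  const w = (role, f) => canAccess(roleAB, [role], 'incident', f, 'write');
  return {
    aWritesOther: w('role_a', 'short_description'), aWritesCi: w('role_a', 'configuration_item'),
    bWritesOther: w('role_b', 'short_description'), bWritesCi: w('role_b', 'configuration_item'),
  };
}
console.log(report());
```

The model covers roles only; conditions and scripts on a rule are left out.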

When we include roles, conditions and a script in an ACL, is it mandatory to satisfy all of them or only one?

The logged-in user must satisfy all three criteria; only then will the ACL grant access.

Can we configure ACLs as admin?

No, we need to elevate to the Security Admin role to configure ACLs.

What is admin override in ACL?

Admin Override provides access to admin even if they don't satisfy ACL criteria.

Assignment for you:

1. What are the different ways to make a particular field read only?

2. Is there anything above ACL which can also apply security restrictions?

3. Why do most entities like ACL force the developer to set the result in the 'answer' variable?

Real Time Sample Questions:

1. Many developers find ACLs difficult to deal with. What is your opinion about this?

2. Did you ever face any issues/challenges while implementing ACLs?

4. What is your opinion about the ACL debug functionality provided by ServiceNow? Did you ever use it? Do you find it useful? Do you think it needs improvement to make it easier for developers?

5. Did you ever create any ACL for a purpose other than CRUD operations?

User Added Interview Question and Answers

shubham j 2024-07-04 06:25:25

I have been asked a question: hide a specific field from Incident, Problem, Change, Service Portal and list view, from all these places in one go. How can we achieve it?

0 Helpfuls


Narasimha 2024-05-14 04:23:05

Hi All, I have been asked a question where I need to show only 2 state choices (InProgress and Pending) in List View only to the users based on the logged-in user, if he has a specific role. Can anyone please help me if it is possible to hide a few choices of the state field from a few users in List View in ServiceNow?


Lata 2024-05-26 11:12:01
I think they wanted to ask that a user with the specific role can see the state but shouldn't be able to close the incident form from list view. In this case you can use an onCellEdit client script: you can specify the role first, then check if the state is closed, then don't update the record by sending a false parameter to the callback function, which prevents the record update; else send true to the callback.
0 Helpfuls
Narasimha 2024-06-04 02:27:08
Hi Lata, thank you for your response, I got your point. But they have clearly mentioned how to hide a few choices from list view.
0 Helpfuls
0 Helpfuls


Narasimha 2024-05-08 01:08:11

I have been asked a question: the incidents should be filtered based on the logged-in user's country. I told them it is possible using a Before Query BR, but the interviewer is expecting this functionality to be done using an ACL. Does anyone have any idea about it?


Abhinandan 2024-06-09 05:13:18
You can create an ACL with a script. In the script you can compare the user's country and the incident's country (if there is such a field on the incident table); if they come out to be true then answer is true, else it's false.
0 Helpfuls
0 Helpfuls


Nira 2023-10-27 06:36:37

For the Incident form, there is an ACL which is restricting write access for a role and there is another ACL which allows users with the same role to write. Which ACL will work? Will the user with that role be able to write or not?


Tony 2023-11-08 02:45:21
Yes, the user will be able to write. If the user satisfies at least 1 ACL criteria then he will get the required access.
1 Helpfuls
0 Helpfuls


vinay kumar 2023-04-07 11:51:12

Execution order of ACLs in ServiceNow? And Read, Write, Delete, Create, which one executes first?


Robert 2023-04-13 06:55:22
Hi Vinay, if the user doesn't have READ access then providing WRITE, DELETE or CREATE access doesn't make any sense, so I believe the READ ACL should be executing first, which will make sure to not evaluate further ACLs if the user does not pass READ access.
1 Helpfuls
Dhruv 2024-03-13 22:54:37
Execution order is always : Role >> Condition >> Script
0 Helpfuls
2 Helpfuls