ServiceNow ACL interview questions
What is an ACL?
An access control is a security rule defined to restrict a user's permissions to view and interact with data. Most security settings are implemented using access controls.
All access control list rules specify:
1. The object and operation being secured
2. The permissions required to access the object
What are the different type of ACL?
Based on the operation, ACLs are divided into four types: Create, Read, Write and Delete.
Based on the level, they are divided into three types:
Table-level ACL with None (Table.none)
Table-level ACL with the * wildcard (Table.*)
Field-level ACL (Table.field_name)
What is the difference between Table.none and Table.* ACL?
- Table.none is a row-level ACL which allows you to access records.
- Table.* is a field-level ACL which gives access to all fields on the table.
Below are the scenarios to understand how the none and * ACLs work together:
1. If we define a READ ACL with Table.None for users with the roles ITIL and ITIL_ADMIN
Result: Both ITIL_ADMIN and ITIL users will be able to view all records, because they have read access to all records and there is no field-level restriction.
2. If we define a READ ACL with Table.None for ITIL_ADMIN and ITIL, and Table.* for ITIL_ADMIN only
Result: Only ITIL_ADMIN will have read access, because the Table.* rule is an explicit field-level rule that grants read access to all fields to ITIL_ADMIN only.
3. If we define a READ ACL with Table.None for ITIL_ADMIN and Table.* for ITIL
Result: ITIL will not be able to view any records, because they only have read access at the field level and not at the record/row level.
If we have an ACL that makes a field read-only and a UI policy that makes it editable, what would be the result?
The field will still be read-only. It doesn't matter whether a UI policy or client script makes it editable on the form; the user has to pass the ACL rules to gain edit access.
Provide all ACL details required to achieve the scenario below:
Users with Role A should have write access to all fields except Configuration Item on the incident table, and users with Role B should have write access to the Configuration Item field while all other fields stay read-only.
1. Create a new Table.None Read ACL and add both Role A and Role B, which gives both roles row-level read access.
2. Create a new Table.None Write ACL and add both Role A and Role B, which gives both roles row-level write access.
3. Create a new Table.* Write ACL and add Role A only, which allows Role A users to edit all fields on the incident table.
4. Create a new Table.configuration_item Write ACL and add Role B only, which allows only Role B to edit Configuration Item; because the field-level rule is more specific than Table.*, Role A users do not get edit access to this field.
When we include roles, a condition and a script in an ACL, is it mandatory to satisfy all of them or only one?
The logged-in user must satisfy all three criteria; only then will the ACL grant access.
Can we configure ACLs as admin?
No, we need to elevate to the Security Admin role to configure ACLs.
What is admin override in ACL?
Admin Override grants access to admin users even if they don't satisfy the ACL criteria (roles, condition or script).
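The evaluation order behind the none/* scenarios, the Role A / Role B answer, the "all three criteria" rule and Admin Override can be modelled in a few lines. This is an added toy evaluator written for this page, not ServiceNow's own code; the rule sets and users are constructed, and the Configuration Item field is referred to by its column name cmdb_ci.

```javascript
// Toy model of how ServiceNow-style ACLs combine (added example, not platform code).
// rule.field is 'none' (row level), '*' (all fields) or a column name.
// A rule passes only if roles AND condition AND script all pass, unless Admin Override applies.
function rulePasses(rule, user, record) {
  if (rule.adminOverride !== false && user.roles.includes('admin')) return true;
  const roleOk = rule.roles.length === 0 || rule.roles.some(r => user.roles.includes(r));
  const condOk = !rule.condition || rule.condition(record);
  // The script must yield `answer`; anything other than true is treated as a deny.
  let answer = true;
  if (rule.script) answer = rule.script(user, record);
  return roleOk && condOk && answer === true;
}

// Access to one field for one operation: a Table.none rule must pass (row level), then the
// most specific field-level rule (Table.field before Table.*) must pass. With no field-level
// rule at all there is no field restriction, as in scenario 1 above.
function canAccess(rules, user, table, field, op, record = {}) {
  const matching = rules.filter(r => r.table === table && r.op === op);
  const rowRules = matching.filter(r => r.field === 'none');
  if (!rowRules.some(r => rulePasses(r, user, record))) return false;
  const specific = matching.filter(r => r.field === field);
  const fieldRules = specific.length ? specific : matching.filter(r => r.field === '*');
  if (fieldRules.length === 0) return true;
  return fieldRules.some(r => rulePasses(r, user, record));
}

// Constructed rule set for the Role A / Role B scenario (steps 1-4 above), with a
// condition and a script on the row-level write rule to show that all three must pass.
const incidentRules = [
  { table: 'incident', field: 'none', op: 'read',  roles: ['role_a', 'role_b'] },
  { table: 'incident', field: 'none', op: 'write', roles: ['role_a', 'role_b'],
    condition: rec => rec.active === true,               // only open incidents are writable
    script: (user, rec) => user.userId !== rec.caller }, // callers may not edit their own
  { table: 'incident', field: '*',       op: 'write', roles: ['role_a'] },
  { table: 'incident', field: 'cmdb_ci', op: 'write', roles: ['role_b'] },
];
// Constructed rule set for scenario 2 (Table.* read granted to ITIL_ADMIN only).
const scenario2Rules = [
  { table: 'incident', field: 'none', op: 'read', roles: ['itil', 'itil_admin'] },
  { table: 'incident', field: '*',    op: 'read', roles: ['itil_admin'] },
];
const roleA = { userId: 'a1', roles: ['role_a'] };
const roleB = { userId: 'b1', roles: ['role_b'] };
const openInc = { active: true, caller: 'someone' };
```

Run canAccess(incidentRules, roleA, 'incident', 'cmdb_ci', 'write', openInc) and the Role B equivalent to see the field-level rule override the wildcard in both directions.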
Assignment for you:
1. What are the different ways to make a particular field read-only?
2. Is there anything above ACLs that can also apply security restrictions?
3. Why do most entities like ACLs force the developer to set the result in the 'answer' variable?
Real-Time Sample Questions:
1. Many developers find ACLs difficult to deal with; what is your opinion about this?
2. Did you ever face any issues or challenges while implementing ACLs?
3. What is your opinion about the ACL debug functionality provided by ServiceNow? Did you ever use it? Do you find it useful? Do you think it needs improvement to make it easier for developers?
4. Did you ever create an ACL for a purpose other than CRUD operations?