ServiceNow ACL Interview Questions 2025

What is an ACL?

An access control is a security rule defined to restrict the permissions of a user from viewing and interacting with data. Most security settings are implemented using access controls.

All access control list rules specify:
1. The object and operation being secured
2. The permissions required to access the object

What are the different type of ACL?

Based on the operation, it is divided into 4 type i.e. Create, Read, Write, Delete.

Based on the level, it is divided into 3 type
Table level ACL with None
Table level ACL with * Wildcard
Field level ACL

What is the difference between Table.none and Table.* ACL?

- Table.none is a row level ACL which allows you to access records.
- Table.* is a field level ACL which gives Access to all field on the table.

Below are the scenario's to understand how none and * acl works together :

1. If we define a READ ACL with Table.None for users with role ITIL and ITIL_ADMIN

Result : Both ITIL_ADMIN and ITIL users will be able to view all records because they have read access to all records with no field level restrictions.

2. If we define a READ ACL with Table.None for ITIL_ADMIN, ITIL and Table.* for ITIL_ADMIN

Result : Only ITIL_ADMIN will have read access because the Table.* is an explicit rule at the field level that grants only ITIL_ADMIN read access to all fields.

3. If you define a READ ACL with Table.None for ITIL_ADMIN and Table.* for ITIL

Result : ITIL will not be able to view any records because they only have read access at the field level and not at the Record/Row level.

If we have ACL to make field read only and we have UI policy to make it editable, what would be the result?

A Field will still be read only. It doesn't matter if UI policy or client script is making it editable, user has to pass ACL rules to gain edit access.

Provide all ACL details which are required to achieve below scenario :
Users with Role A should have write access to all field except Configuration Item on incident table and Role B should have write access to Configuration Item field and all other fields should be read only?

1. Create new Table.None Read ACL and add both Role A and Role B which will allow both users to get row level read access.

2. Create new Table.None Write ACL and add both Role A and Role B which will allow them to get row level write access.

3. Create new Table.* Write ACL and add Role A only which will allow Role A users to edit all fields on incident table.

4. Create new Table.configuration_item Write ACL and add Role B which will allow only Role B to edit configuration item and it will not provide editable access to Role A users.

When we include roles, conditions and script in ACL, is it mandatory to satisfy all condition or only one of it?

Logged in user should satisfy all of three criteria then only ACL will grant access to user.

Can we configure ACLs being admin?

No, we need to elevate Security Admin role to configure ACL.

What is admin override in ACL?

Admin Override provides access to admin even if they don't satisfy ACL criteria.

Assignment for you:

1. What are the different ways to make particular field read only?

2. Is there anything above ACL which also can apply security restriction?

3. Why most of the entities like ACL forces developer to set result in 'answer' variable?

Real Time Sample Questions:

1. Many developer find ACL difficult to deal with, what is your opinion about this?

2. Did you ever face any issue/challenges while implementing ACLs?

4. What is your opinion about ACL debug functionality provided by servicenow? Did you ever use it? Do you find it useful? Do you think it needs improvement to make it easy for developers?

5. Did you ever create any ACL other than CRUD operation purpose?


Prepared and confident for your interview?

Practice makes perfect! Test your skills with our virtual interview practice buddy and ensure you're fully ready for your upcoming interview.

🎯 Start Practicing

User Added Interview Question and Answers

Adarsh 2025-04-23 02:23:43

If we do not apply any ACL on the table then what will happen? Will the table be visible to normal users of not with limited or no role.


Vishal 2025-04-25 17:50:53
Access Control Lists (ACLs) are the primary mechanism for controlling access to tables, records, and fields. If no ACLs are applied to a table, the behavior depends on the ServiceNow instance's security configuration, particularly whether High Security Settings are enabled, and the default access behavior of the platform. Below is a detailed explanation of what happens when no ACLs are applied to a table and whether the table is visible to normal users (including those with limited or no roles).
0 Helpfuls
0 Helpfuls


Ammy Singh 2025-04-17 04:45:47

Please can someone provide answer to this question: How to show incidents to users only if they are part of current assignment group?


Sainath 2025-06-11 02:22:57
IN ACL Script : if(gs.getuser().isMemberOf('current.assignment_group'){ answer=ture; }else{ answer=false }
0 Helpfuls
unknown 2025-11-04 06:12:48
filter condition: assignment group is(dynamic) one of my group.
1 Helpfuls
0 Helpfuls


A 2024-09-24 09:01:36

How to bypass ACL for specific users which has nobody role added, without creating new ACL? (and without admin override)

0 Helpfuls


shubham j 2024-07-04 06:25:25

i have been asked a question, Hide a specific field from Incident, problem, change, Service Portal, LIST VIEW from all this places in one go? how can we achieve it?


Kamini 2024-08-10 01:51:01
Make the field inactive
0 Helpfuls
snowexpertaastik 2024-11-30 03:27:05
Hi Shubham, You can create an ACL on the task table with the operation set to add_to_list. By doing this, users will not be able to personalize that particular field. As a result, they won’t be able to see it in the list view or interact with it
1 Helpfuls
Samaksh 2025-06-26 11:28:39
Dictionary Attribute (Global Control) Go to: System Definition > Dictionary Search for the field (e.g., cmdb_ci) Open the dictionary entry Add or modify the Attributes: glide.ui.hidden = true → hides the field from form view glide.list.hidden = true → hides the field from list view
0 Helpfuls
0 Helpfuls


Narasimha 2024-05-14 04:23:05

Hi All, I have been asked a question where i need to show only 2 state choices (InProgress and Pending) in List View only to the users based on the logged in user if he has specific role. Can anyone please help me if it is possible to hide few choices of state field to few users from List View in ServiceNow.


Lata 2024-05-26 11:12:01
I think they wanted to ask that user with the specific role user can see the state but they shouldn't be able to close incident form from list view in this case you can use oncell edit client script you can specify role first thn we can check if state is closed thn don't update record by sending false perameter to callback function which prevent record update else send true to callback.
0 Helpfuls
Narasimha 2024-06-04 02:27:08
Hi Lata, Thank You for your response i got your point. But they have clearly mentioned how to hide few choices from list view.
0 Helpfuls
mahendra 2024-09-20 09:00:06
To show only the "In Progress" and "Pending" state choices in the list view based on the logged-in user's role, I would create an on-cell edit client script. This script will check if the user has the specific role and, if so, it will filter the state choices in the list view. This way, only the relevant options are displayed to the user in the list view, making it user-friendly and role-specific. I chose an on-cell edit client script because it runs only when a cell is edited in the list, providing a dynamic experience without affecting other users. This solution ensures that the right state choices are available based on the user's role without impacting performance or other areas of the platform.
0 Helpfuls
0 Helpfuls


Narasimha 2024-05-08 01:08:11

I have been asked a question that, The incident should be filtered based on the logged in Users country. I told it is possible using Before Query BR but interviewer is expecting this functionality to be done using ACL. does anyone have any idea about it?


Abhinandan 2024-06-09 05:13:18
You can create an ACL with a script, in the script you can compare the user's country and incident's country(if there is such field on the incident table), if they come out to be true then answer is true, else its false.
0 Helpfuls
Abel Tuter 2024-11-30 04:26:55
Hi Narasimha , you can write below script in ACL Script var currentUser = gs.getUserID(); var loggedInUser = new GlideRecord('sys_user'); if (loggedInUser.get(currentUser)) { // Get the Sys ID or name of the location for the logged-in user var currUserLocation = loggedInUser.location; // This will return Sys ID // Get the Sys ID of the incident location var incidentLocation = current.location; // This should already be a Sys ID // Compare the two Sys IDs if (currUserLocation == incidentLocation) { answer = true; // User can access } else { answer = false; // User cannot access } }
0 Helpfuls
0 Helpfuls


Nira 2023-10-27 06:36:37

For Incident form, There is ACL which is restricting write access for a role and there is another ACL which allows user with same role to write. Which ACL will work, Will the user with that role able to write or not?


Tony 2023-11-08 02:45:21
Yes, user will be able to write. If user satisfies at least 1 ACL criteria then he will get required access.
2 Helpfuls
Srushti 2025-05-06 00:28:27
If one ACL denies and another allows, denial wins in ServiceNow. The user will not have write access unless there’s an ACL with a more permissive condition that explicitly allows it, and no ACLs deny it.
0 Helpfuls
0 Helpfuls


vinay kumar 2023-04-07 11:51:12

execution order of Acl in ServiceNow ? and Read ,write, delete, create which one excute first ?


Robert 2023-04-13 06:55:22
Hi Vinay, If user don't have READ access then providing WRITE, DELETE or CREATE access doesn't make any sense so I believe, READ ACL should be executing first which will make sure to not evaluate further ACL if user does not pass READ access.
1 Helpfuls
Dhruv 2024-03-13 22:54:37
Execution order is always : Role >> Condition >> Script
0 Helpfuls
Aurobinda Behera 2025-02-28 15:50:22
Create --> read --> write --> delete
0 Helpfuls
2 Helpfuls






🚀 Power Up Your ServiceNow Career

Join a growing community of smart ServiceNow professionals to stay ahead in interviews, sharpen your development skills, and accelerate your career.

Fuel My Passion

Loving the content? Well, of course you are. Here’s your chance to indirectly fuel the chaos that keeps this website running. Your contribution helps keep the wheels turning and allows me to continue pretending to be a responsible adult—while cranking out more content for you. Thanks for supporting my delusional dreams and helping me keep this website alive!


Buy Me a Coffee

Support with UPI

If you prefer making a UPI payment to support the website maintenance cost, scan the QR code below:

UPI QR Code

Comments