I think SN switched from "general-to-specific" to "specific-to-general" somewhere between San Diego and Tokyo.
In San Diego:
This processing order ensures that users gain access to more general objects before gaining access to more specific objects. A user must pass both table and field ACL rules to access a record object.
In Tokyo:
This processing order ensures that users gain access to more specific objects before gaining access to more general objects. A user must pass both table and field ACL rules to access a record object.
In my "Additional ServiceNow Fundamentals Content for System Administrators and Developers course" (San Diego edition), it says:
When a session requests data, the system looks for matching access control rules.
Record ACL rules are processed in the following order:
1. Match the object against table ACL rules - most specific to most general.
2. Match the object against field ACL rules - most specific to most general.
The correct statement is A. Table access rules are evaluated from the general to the specific.
In ServiceNow, the evaluation of Access Control rules follows a general-to-specific order. This means that the more general rules are evaluated first, followed by more specific rules. The system checks the access control rules for a table, starting with the global (most general) rules, and then proceeds to evaluate table-specific and field-specific rules.
Answer is A
In ServiceNow, if both a row-level rule and a field-level rule exist, both rules do not need to be true for an operation to be allowed. The rules are evaluated independently, and if either the row-level rule or the field-level rule allows the operation, it will be permitted.
A is correct.
option C describes a specific case, it does not capture the general rule for all access control rule evaluations in ServiceNow. Option A, which states that table access rules are evaluated from the general to the specific, is a more universally applicable statement.
I want to say A, but, if you think about a single field on a table, the rules are evaluated: specific to general.
incident.description is evaluated before incident.*
Since A is wrong, it must be C.
And to respond to Bubu770, who asked about "row", perhaps a table might contain 10 entries (rows) and after evaluating rules on each row, you might be able to see 6 of the rows.
I think A is correct.
https://docs.servicenow.com/bundle/tokyo-platform-security/page/administer/contextual-security/concept/acl-rule-types.html
Record ACL rules are processed in the following order:
Match the object against table ACL rules.
Match the object against field ACL rules.
This processing order ensures that users gain access to more general objects before gaining access to more specific objects. A user must pass both table and field ACL rules to access a record object.
If a user fails a table ACL rule, the user is denied access to all fields in the table, even if the user passes a field ACL rule.
If a user passes a table ACL rule, but fails a field ACL rule, the user cannot access the field described by the field ACL rule.
This section is not available anymore. Please use the main Exam Page.CSA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Jorr
Highly Voted 1 year, 12 months agoadyrip
Most Recent 5 months agoTimmyLam
8 months, 1 week agoba14741
9 months, 3 weeks agoMihaf92
1 year, 3 months agocluelessdood
1 year, 4 months agoDekoreh
1 year, 5 months agoShimdog
1 year, 5 months agoMax191
1 year, 6 months agoSunnyNik
1 year, 6 months agoSunnyNik
1 year, 6 months agoHimanPatel
1 year, 6 months agoSpiderman5000
1 year, 12 months agoandycsa
2 years agoandycsa
2 years agotipsybroom
2 years agoPLiza2
2 years ago