An ACL for a table may include table.none access control or a table.* access control, but never both.

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare effectively for the ServiceNow CAD certification. Study with detailed questions and explanations. Enhance your skills and knowledge for success in your exam!

Multiple Choice

An ACL for a table may include table.none access control or a table.* access control, but never both.

Explanation:
In ServiceNow, you can have multiple access control entries that target the same table, and those entries can use patterns like table.* and table.none. Access decisions are not limited to a single ACL rule; the system evaluates all applicable ACLs for the requested operation and user context, with more specific or explicit rules taking precedence. For example, you might have a table.* ACL that broadly allows a read operation for a broad group, and separately a table.none ACL that explicitly denies that same operation for a specific role or condition. When a user in that specific role attempts the read, the denial rule can apply, overriding the broader grant for that scenario. This demonstrates that both table.none and table.* can exist and be effective in the overall access control strategy. So the statement is false: you can indeed have both types of ACLs defined for the same table to implement layered or exception-based security.

In ServiceNow, you can have multiple access control entries that target the same table, and those entries can use patterns like table.* and table.none. Access decisions are not limited to a single ACL rule; the system evaluates all applicable ACLs for the requested operation and user context, with more specific or explicit rules taking precedence.

For example, you might have a table.* ACL that broadly allows a read operation for a broad group, and separately a table.none ACL that explicitly denies that same operation for a specific role or condition. When a user in that specific role attempts the read, the denial rule can apply, overriding the broader grant for that scenario. This demonstrates that both table.none and table.* can exist and be effective in the overall access control strategy.

So the statement is false: you can indeed have both types of ACLs defined for the same table to implement layered or exception-based security.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy