CSA Question #173: Real Exam Question with Answer & Explanation

Question

How would you define an Access Control, to allow a user with itil role to have permission to create incident records?

Options

• AName: incident.None; Operation: create; Role: itil
• BName: incident.Any; Operation: write; Permission: itil
• CName: incident:*; Permission: write; Role: itil
• DName: incident.None; Permission: create; Role: itil
• EName: incident:*;Operation: write; Permission: itil

Explanation

To allow itil users to create incident records, an Access Control should be defined with the Name: incident.None, Operation: create, and Role: itil.

Common mistakes.

• B. incident.Any or incident:* are not standard naming conventions for table-level create ACLs, and Operation: write is for modifying existing records, not creating new ones.
• C. incident:* is used for field-level ACLs or sometimes for a collection of fields, and Operation: write is for updating existing records, not creating.
• D. "Permission" is not the correct field name for an Access Control; it should be "Operation."
• E. incident:* is not the correct naming for a table-level create operation, and "Permission" is not the correct field name.

Concept tested. Access Control List (ACL) for table-level create

Reference. https://docs.servicenow.com/bundle/utah-platform-security/page/administer/contextual-security/concept/acl-rules-access.html

No community discussion yet for this question.