CSA Question #65: Real Exam Question with Answer & Explanation

Question

Which one statement correctly describes Access Control rule evaluation?

Options

• ATable access rules are evaluated from the general to the specific
• BIf more than one rule applies to a record, the older rule is evaluated first
• CIf a row level rule and a field level rule exist, both rules must be true before an operation is
• DThe role with the most permissions evaluates the rules first.

Explanation

When both row-level and field-level Access Control Rules (ACLs) are applicable, both must evaluate to true for a user to gain access to perform an operation on that specific field.

Common mistakes.

• A. Table access rules are evaluated from the most specific to the most general (e.g., field-level before table-level, and specific table before all tables), which is the opposite of general to specific.
• B. The evaluation order of ACLs is determined by their specificity (field, then record, then table) and type of access, not by their creation date or age.
• D. Roles determine a user's permissions, but the evaluation order of ACLs themselves is based on the object (table/field) and type of access, not on the roles' permission levels.

Concept tested. Access Control Rule (ACL) evaluation order

Reference. https://docs.servicenow.com/bundle/utah-platform-security/page/administer/contextual-security/concept/c_ACLRulesEvaluationOrder.html

No community discussion yet for this question.