Field ACL rules

Field ACL rules are processed in a certain order.

Field ACL rules are processed in the following order:
  1. Match the table and field name. For example, incident.number.
  2. Match the parent table and field name. For example, task.number.
  3. Match any table (wildcard) and field name. For example, *.number.
  4. Match the table and any field (wildcard). For example, incident.*.
  5. Match the parent table and any field (wildcard). For example, task.*.
  6. Match any table (wildcard) and any field (wildcard). For example, *.*.

The first successful evaluation stops ACL rule processing at the field level. This means that when a user passes a field ACL rule, the system stops searching for matching field ACL rules. The user must also pass the table ACL rules to be granted access to the record object. For example, if a user passes the field ACL rule for incident.number, the system stops searching for rules that secure the Number field. The user must then pass the table ACL rules on incident to see the Number field.