Users are Able to see Page Structure on Forms restricted by ACL's - Support and Troubleshooting

Users are Able to see Page Structure on Forms restricted by ACL's Issue  Overview When users who doesn't have read/ write access to a table/ record try to open the record directly(using a url), they are able to see page structure which includes Form Sections and Related Lists.

Example Screenshot Below:

UI Page structure is visible for Forms By default and as per OOB ACL configuration, all users are provided with access to UI pages via */read ACL. Further access to certain UI Pages can be managed by creating read ACL on specific pages, for Forms, it is maintained by */read ACL on UI_Page. ACL's applied on Tables only restrict access to their data and not the form structure which comes from a UI Page.

Hence users without any access to table data are able to see the Form structure.

In case page structure is required to be restricted for unauthorized users then ACL would need to be customized to add conditions/ scripts which could define the criteria/ parameters for access restriction. Such ACL would be required to be applied on UI_Page

Version Information This Information is applicable to all ServiceNow versions.