Non Role user can open an incomplete incident from the Service PortalIssue Issue:Non Role user can open an incomplete incident from the Service PortalSteps to Reproduce:- Log into instance- Impersonate as user with read only roles- Go to URL: https://<instance_name>.service-now.com/sp/?id=form&table=incident&filter=active%3Dtrue&sys_id=-1&v=- Notice user is able to submit incidentCauseMost Probable Cause:- User doesn't have any roles assigned.- Checked the create ACL on incident table and there is no restriction added for any roles. (https://<instance_name>.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=80a7a096c0a8016662c872762163bbdc)ResolutionIf you want to make incident form read only on the portal for the user : create a role and assign to the user.On the create ACL above, you need to add a script check if the user has the new created role and set the answer to false. (https://<instance_name>.service-now.com/nav_to.do?uri=sys_security_acl.do?sys_id=80a7a096c0a8016662c872762163bbdc)Example code below: [code]<pre><code>answer = true;<br/>if (gs.hasRole('new_restriced_role'))<br/> answer = false;<br/>if(pm.isActive('com.snc.incident.mim') && current.major_incident_state == 'accepted'){<br/> if(gs.hasRole('major_incident_manager'))<br/> answer = true;<br/> else<br/> answer = false;<br/>}<br/></code></pre>[/code] You can go to the Portal and check now, "save" button will be hidden restricting the user to submit incident.