Comprehensive and Detailed Explanation:

Access Controls (ACLs) in ServiceNow determine whether a user can read, write, or delete a record, field, or table.

For a user to pass an Access Control, all the following conditions must evaluate to true:

✅ Option A (Correct): The user must have one of the specified roles.

Access Controls often require users to have specific roles.

If a role is specified in an ACL’s Required Roles related list, a user must have that role to pass the check.

✅ Option C (Correct): Any script in the Access Control must evaluate to true.

ACLs can contain server-side scripts that execute logic to determine access.

Example:

javascript

CopyEdit

answer = current.state == "Approved";

This means access is only granted if the record’s state is "Approved".

✅ Option D (Correct): Conditions configured in the Access Control must evaluate to true.

ACLs allow conditions to be set without scripting.

Example:

"User must be the record’s creator" → Created by is (dynamic) Me

❌ Option B (Incorrect):

ACLs do not depend on other matching ACLs.

Each ACL is evaluated separately for a given operation.

❌ Option E (Incorrect):

Business Rules do not grant access.

They run scripts to enforce business logic but do not override ACLs.

Access Control Evaluation Order:

Table-level ACLs (e.g., can the user read/write to a whole table?)

Field-level ACLs (e.g., can the user read/write a specific field?)

The most specific ACL always wins.