Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Issue with HTML field – users can’t update values (Zurich release)

Go to solution
Joatan Fontoura
Tera Guru

4 weeks ago

Hi everyone,

I’m facing an issue with an HTML-type field in one of my tables. Non-admin users — who have access to the table and its fields — are unable to insert values into this field when creating a new record, or update it in existing records.

At first, I suspected it was related to ACLs. So, I created an ACL with the “create” operation for this specific field, and then users were able to insert values during record creation. However, when I created a similar ACL with the “write” operation, it didn’t work — users still can’t update the field value afterward.

What’s strange is that this field belongs exclusively to this table, which rules out the possibility of inheriting ACLs from a parent table.

Is there any known restriction or security behavior that applies specifically to HTML fields by default in ServiceNow?

One more detail: I have the same table and field in another instance running Xanadu, and the issue does not occur there. The problem happens only in an instance running Zurich.

Thanks in advance for any insights!

Labels:
0 Helpfuls
  • 787 Views
2 ACCEPTED SOLUTIONS

Go to solution
Mani23
Giga Guru

3 weeks ago - last edited 3 weeks ago

Hi Joatan,

I guess it is because of 'Scripting Governance Tool' which is part of Zurich release. It happens to HTML fields as it is possible to use script tag.

 

Please check the below article
https://www.servicenow.com/community/servicenow-ai-platform-articles/why-your-admins-can-t-script-po...

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2538150

https://www.servicenow.com/docs/bundle/zurich-platform-security/page/administer/security/concept/scr...

 

Best Regards,

Mani

View solution in original post

0 Helpfuls

Go to solution
Ankita Sharma
Tera Expert

3 weeks ago

Hi Joatan,

In the Zurich upgrade, a new field type ACL is introduced for HTML fields (*.[html]).
This ACL is associated with a specific role that’s linked to the Conditional Script Writer group.

As a result, users who are not part of this group will be unable to view HTML-type fields on forms.

To resolve the issue, simply add the affected users to the Conditional Script Writer group. Once added, they’ll be able to see the HTML fields as expected.

If my response helped, please mark it as correct.

Regards

Ankita

View solution in original post

0 Helpfuls
4 REPLIES 4

Go to solution
Mani23
Giga Guru

3 weeks ago - last edited 3 weeks ago

Hi Joatan,

I guess it is because of 'Scripting Governance Tool' which is part of Zurich release. It happens to HTML fields as it is possible to use script tag.

 

Please check the below article
https://www.servicenow.com/community/servicenow-ai-platform-articles/why-your-admins-can-t-script-po...

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2538150

https://www.servicenow.com/docs/bundle/zurich-platform-security/page/administer/security/concept/scr...

 

Best Regards,

Mani

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

3 weeks ago

@Joatan Fontoura 

you can only apply field level READ and WRITE ACL and not CREATE ACL.

So you are saying during record creation i.e. new form the HTML field is editable but once record is saved the field becomes readonly?

any client script or UI policy is doing this on existing record?

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Ankita Sharma
Tera Expert

3 weeks ago

Hi Joatan,

In the Zurich upgrade, a new field type ACL is introduced for HTML fields (*.[html]).
This ACL is associated with a specific role that’s linked to the Conditional Script Writer group.

As a result, users who are not part of this group will be unable to view HTML-type fields on forms.

To resolve the issue, simply add the affected users to the Conditional Script Writer group. Once added, they’ll be able to see the HTML fields as expected.

If my response helped, please mark it as correct.

Regards

Ankita

0 Helpfuls

Go to solution
Joatan Fontoura
Tera Guru

3 weeks ago

@Mani23 and @Ankita Sharma, you are right! It's happening because Scripting Governance Tool. When I added the users to the group Conditional Script Writer - that contains the role "snc_required_script_writer_permission" - they were able to write on HTML field. Thank you!