Hi @pramodkumar ,

The out-of-the-box (OOB) role required to manually create applications in the cmdb_ci_appl table is:

cmdb_ci_admin

Explanation:
The table cmdb_ci_appl (which is a child of cmdb_ci) is write-protected by ACLs to prevent unauthorized CMDB updates.

To manually create applications in this table through the UI (e.g., via the CMDB workspace or Application list), you need:

OOB ACLs (Access Control List) for cmdb_ci_appl:

Without cmdb_ci_admin, the user will get a "security constraints prohibit this operation" error when attempting to insert or update.

If You Created Custom ACLs:
Since you mentioned you've created custom ACLs, you may have overridden OOB ones. Ensure your custom ACLs for cmdb_ci_appl allow:
* create and write access
* Conditions or scripts that return true or verify role (e.g., check for a custom role like custom_app_admin)
* Avoid accidentally blocking OOB roles like cmdb_ci_admin

Recommended Approach:
1. Use OOB Role: Assign cmdb_ci_admin to users who need to create application CIs.
2. Audit Custom ACLs: Review ACLs on cmdb_ci_appl to ensure you didn’t block OOB behavior.
3. Least Privilege (Optional): If cmdb_ci_admin is too broad, create a custom role and adjust ACLs accordingly for only that table.

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.
 

Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025

Hi,

Please check your current patch release notes; ServiceNow has updated the roles that has the ability to update CMDB.  Please see Configuration Management Database (CMDB) release notes 

"

CMDB highlights for the Xanadu release