- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
03-08-2023 07:15 PM - edited 03-08-2023 07:26 PM
Did you know that users are able to view ServiceNow reports (other than type: list or drill-down) when the user DOES NOT have access rights (and isn't blocked by a report_view ACL) to the data record in a data source or source table of a report?
Let's use an example where I want to create a pie chart report about Customer Cases (sn_customerservice_case) that are grouped by assignment group so that we can quickly see the spread across customer service teams. When sharing this specific report to a user who doesn't have access to customer cases, they can see the pie chart and this specific breakdown.
While they can see the pie chart, if they were to click a slice of the pie to then navigate to the list of related records, they would not be able to see those records due to table level "read" ACLs preventing these records from showing to this particular user.
Here's a couple things to note:
- Those users are able to view those types of reports...not create those same types of reports
- If the user doesn't have access to "read" the table records then they are unable to see list or drill-down type reports
- If the table has "report_view" ACLs, then those will apply and could affect/block this same type of user from seeing all report types for the respective table
- "report_view" ACLs can apply to specific fields on the table or the whole table. For the scenario mentioned above, the Customer Case table has report_view ACLs by default, but they're applied to specific fields (such as: account, consumer, assigned_to -- NOT assignment group - which is why this user is able to view in the scenario I mentioned above)
Main takeaway here is that:
- You don't always need to give "read" access (possibly giving them more access than they need or consuming a license) to someone just for them to view certain types of reports
- Consider reviewing or creating report_view ACLs to control data you don't want showing in report types beyond list or drill-down
- If users do need read access to all records on a specific table, review your roles as there may be one out of box (such as sn_incident_read) that you can give them instead of customizing things
- More information can be found here
If you enjoy ServiceNow content like this, consider following me on LinkedIn as well as checkout my ServiceNow focused YouTube channel: Allenovation!
- 940 Views