ACLs required for query
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2024 08:10 AM
I have a service user and am trying (from this user account) to query the sc_cat_item_user_criteria_no_mtom method using GET /api/now/table/{table_name} handle. The request
GET /api/now/table/sc_cat_item_user_criteria_no_mtom?sysparm_query=sc_cat_item.active%3Dtrue
is failing with
Insufficient rights to query records
Field(s) present in the query do not have permission to be read
despite the fact that the user has a role which has a read access to sc_cat_item_user_criteria_no_mtom as well as to sc_cat_item.
The weird fact also is that for example
GET /api/now/table/sc_cat_item_user_criteria_no_mtom?sysparm_query=user_criteria.active%3Dtrue
Works well, but user have the same permissions for both sc_cat_item and user_criteria tables.
What am i doing wrong and what permissions is required for queries to work well?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2024 10:40 AM
@GhruvaA There is for sure security constraint issue, I have seen that an ACL oon field as well can be stopper for get method. Please verify that too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2024 12:32 PM
Hi, @Abhay Kumar1 ! Thank you for your reply. Can you please explain in more detail what do you mean and where can I check it?
If I open All -> System Definitions -> Tables and click on
sc_cat_item_user_criteria_no_mtom table, and then on sc_cat_item field, the ACL list is empty.
If I click on sc_cat_item table and then on active field, there is only one ACL, but with "write" operation (and I am not trying to write).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2024 12:36 PM
Hi, @Abhay Kumar1 . Thank you for a reply.
Could you please explain in detail what do you mean and where can I check it?
If I opened the All -> System Definitions -> Tables and click on sc_cat_item_user_criteria_no_mtom table, and then on sc_cat_item field there is no ACL listed.
If I click in the sc_cat_item table and then on active field there is only one ACL listed, but with "write" permissions (and I am not trying to write).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2024 02:40 AM
Hi, @Abhay Kumar1 . Thank you for a reply.
Could you please explain in detail what do you mean and where can I check it?
If I opened the All -> System Definitions -> Tables and click on sc_cat_item_user_criteria_no_mtom table, and then on sc_cat_item field there is no ACL listed.
If I click in the sc_cat_item table and then on active field there is only one ACL listed, but with "write" permissions (and I am not trying to write).
