autofil catalog item not working as expected

RobertPC · 3 weeks ago

We are on Yokohama and have been since release. I noticed this morning that my autofill that references the sys_user table are no longer auto populating. When the user selects the Request For it should auto populate User ID, Manager, Location, etc. This used to work no matter who was selected in the Request For. Now it only populates if the user selects themselves or a direct report, or if they have the ITIL role. I assume this is due to an ACL, but unsure which ACL and how to correct. Any help with this would be greatly appreciated.

Shashank_Jain · 3 weeks ago

@RobertPC ,

In Yokohama, ServiceNow tightened table/field ACLs for sys_user to improve security and prevent exposing sensitive HR/user data.
By default, a user without itil or without being the selected user’s manager/direct report may not be able to read certain fields (like manager, location, user_name, etc.) when the auto-populate runs.
That’s why autofill only works for:
- Themselves
- Their direct reports
- Users with itil role (which grants broader sys_user read permissions).

Which ACLs to Check

Navigate to System Security → Access Control (ACL).
Filter for:
- Table: sys_user
- Operation: read
Pay attention to field-level ACLs like:
- sys_user.location
- sys_user.manager
- sys_user.user_name
- sys_user.* (wildcard)

You’ll probably see conditions like gs.hasRole("itil") or scripts checking manager relationships.

If this works, please mark it as helpful/accepted — it keeps me motivated and helps others find solutions.
Shashank Jain

View solution in original post

Shashank_Jain · 3 weeks ago

@RobertPC ,

In Yokohama, ServiceNow tightened table/field ACLs for sys_user to improve security and prevent exposing sensitive HR/user data.
By default, a user without itil or without being the selected user’s manager/direct report may not be able to read certain fields (like manager, location, user_name, etc.) when the auto-populate runs.
That’s why autofill only works for:
- Themselves
- Their direct reports
- Users with itil role (which grants broader sys_user read permissions).

Which ACLs to Check

Navigate to System Security → Access Control (ACL).
Filter for:
- Table: sys_user
- Operation: read
Pay attention to field-level ACLs like:
- sys_user.location
- sys_user.manager
- sys_user.user_name
- sys_user.* (wildcard)

You’ll probably see conditions like gs.hasRole("itil") or scripts checking manager relationships.

If this works, please mark it as helpful/accepted — it keeps me motivated and helps others find solutions.
Shashank Jain

RobertPC · 3 weeks ago

I ended up creating a new ACL on sys_user.* with a security profile of UserAuthinicated and this resolved the issue. Thank you for your help. Was this communicated by ServiceNow in the latest security update notes?

Rafael Batistot · 3 weeks ago

Hi @RobertPC

In your catalog variable, may you try via auto-populate

Auto-populate

Let's immediately jump into the Auto-populate functionality. This is what the Auto-populate looks like on a Variable:

See the reference,

https://www.servicenow.com/community/developer-articles/auto-populate-a-variable-based-on-a-referenc...

it’s works independent of version

Ankur Bawiskar · 3 weeks ago

@RobertPC

share the screenshots of that variable and how are you auto populating the other variables.

Did this issue start coming after upgrade to Yokohama?

Did you try with admin role user?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader