Can't create sys_user_group records from scoped application

Jan Fr_hwacht · ‎02-16-2021

Hi all,

I have a scoped application which should create records in the table "sys_user_group".

Per default the table "sys_user_group" has the checkbox "read_access" ticked when looking in the "Application Access" tab on the table configuration.

The "Accessible from" field is set to "All application scopes".

The "Can create" and "Can update" checkboxes were adapted through an update set on the instance.

The creation of all GlideRecords have receive a "null" result when executing the GlideRecord.insert() method.

When executing a fix script from within the scoped application to create a "sys_user_group" record it shows the following messages:

Security restricted: Access to api 'setValue(sys_user_group.name)' from scope '...' has been refused due to the api's cross-scope access policy

Security restricted: Access to api 'put(sys_user_group.manager)' from scope '...' has been refused due to the api's cross-scope access policy

Security restricted: Access to api 'put(sys_user_group.type)' from scope '...' has been refused due to the api's cross-scope access policy

Security restricted: Create operation against 'sys_user_group' from scope '...' has been refused due to the table's cross-scope access policy

I even added a "Restricted caller access record" to test if I can get rid of the "Create operation against "sys_user_group" .. has been refused message. But even that didn't work.

Does anyone know why my scoped app is not able to create and update record on global scoped "sys_user_group" table ?

Harika Bhupathi · ‎02-16-2021

Hi @Jan Frühwacht

Have you tried to create your fix script in Global application , instead of creating it under scoped application?

Community Alums · ‎02-16-2021

Hi Jan,

I have encountered this issue before and done the following to get it working:

1. I have navigated to System Applications > Application Cross-Scope Access [Ensuring I am already in the custom application scope].

2. Create a new Cross scope privilege record, with source scope being your application and the target scope being Global.

3. The target name should be the value of the table you are accessing, in this case the sys_user_group table.

4. Make sure you set the operation to Read and status as Allowed.

Let me know if this doesn't solve your issue.

Thanks,

Enrique

Jan Fr_hwacht · ‎02-16-2021

Hi @Enrique Brands ,

thanks for the fast response.

There are already three records (for each operation) in this table:

source_scope: MyScopedApp

target_scope: Global

target_name: sys_user_group

operation: Create, Read, Write

status: allowed

sys_scope: MyScopedApp

This should fine right ?

@Harika Bhupathi

If I make the fix script global the purpose of my scoped application would be wasted.

Community Alums · ‎02-16-2021

Hi Jan,

Please follow this guide to dig in deeper into the issue you are having:

Securing an application using Cross Scope Access, Application Access Settings & Restrict Table Choic...

Also I would suggest sharing the actual code you have written within the fix script to further troubleshoot.

Thanks,

Enrique