Capturing the errors thrown verbiage during cross scope issues

jamesmig_0007 · ‎01-05-2025

Hello All,

I need to know if there is any other way I can capture the information ,somehow some sort of workaround where I get beforehand information that so and so table is having cross scope issues. For example I am querying two tables in one I get

com.glide.script.fencing.access.ScopeAccessNotGrantedException: read access to sn_hr_core_case_workforce_admin not granted

when I catch and return it. But on other table I am able to do 'read' and so not getting any stack or error object.

See the Code and Output given below:

Code:

var result1 = noScopeError('sn_hr_core_case_workforce_admin');
var result2 = noScopeError('sn_si_phishing_email');
gs.info('result: ' + result1);
gs.info('result: ' + result2);

function noScopeError(tableName) {
    var errorMessage = '';

    try {
        // Attempt to query the table
        var gr = new GlideRecord(tableName);
        gr.query();

        // Check if the table has data
        if (gr.next()) {
            gs.info('Table in scope: ' + tableName);
            gs.info('the number: '+gr.number);
            return 'success';
        } else {
            gs.info('No records found in table: ' + tableName);
        }
    } catch (e) {
        // If a runtime exception occurs, capture the error stack
        errorMessage = 'scope error: ' + e;
        return errorMessage;
    }

}

Output:

Source descriptor is empty while recording access for table sn_hr_core_case_workforce_admin: no thrown error
Security restricted: Read operation on table 'sn_hr_core_case_workforce_admin' from scope 'My Custom App' was denied because the source could not be found. Please contact the application admin.
Security restricted: Read operation on table 'sn_hr_core_case_workforce_admin' from scope 'My Custom App'  was denied. The application 'InspectHub' must declare a cross scope access privilege. Please contact the application admin to update their access requests.
Source descriptor is empty while recording access for table sn_si_phishing_email: no thrown error
Security restricted: Unable to identify source of the Read operation on table 'sn_si_phishing_email' from scope 'InspectHub'. No Restricted Caller Access privilege records were created. The operation was allowed because target resource RCA policy is set to 'Tracking', but will be blocked with the 'Restricted' policy. Please contact the application admin.
x_my_custom_app: Table in scope: sn_si_phishing_email
x_my_custom_app: the number: PHIS0000051
x_my_custom_app: result: scope error: com.glide.script.fencing.access.ScopeAccessNotGrantedException: read access to sn_hr_core_case_workforce_admin not granted
x_my_custom_app: result: success

I am not looking at UI Configuration for the reason that I cannot share but I have to somehow capture the

Source descriptor is empty while recording access for table sn_hr_core_case_workforce_admin: no thrown error

Or some sort of indication that it is facing cross scope issue.

@Ankur Bawiskar , @Maik Skoddow, @robertnel , @alexcox

Thanks,

James M.

Omkar Mone · ‎01-05-2025

Hello,

Just putting my 2 cents here -

1) Why not use GlideRecordSecure API and

2) Query the sys_db_object table to determine if the current scope can access the target table. Although this doesn't guarantee runtime access, it can provide an early indication.

Ankur Bawiskar · ‎01-05-2025

@jamesmig_0007

it's better to let system tell about the cross scope access.

Once system provides details for cross scope you can take the appropriate action

what's your business requirement here?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

jamesmig_0007 · ‎01-06-2025

I think for now I am able to capture for ScopeAccessNotGrantedException and that is okay as of now.