Catch Cross scope TABEL Assess Issues in Server Side Script - from Global any Scope

SteweLundin · ‎02-28-2025

Trying to catch when I get a Cross Scope issue when accessing a table from a script in global.

All I want to do is know IF i cant access the requested table

If I do a GlideRecord or a GlideRecordSecure from Global to a Scope(any scope) where I have no priviliges there is no error thown.
I get a legit but EMPTY GlideRecord - this alone is not sufficitent for me to catch as my result
- canRead, canWrite and canCreate are return as true (using Admin).
try {} catch(){} will not catch this.

All I can see is a log entry saying that I have no Scope Priviliges.

Any Ideas.

And NO, setting up Scope Priviligies is NOT an option

OleksiyK · Sunday

Hi,

I found out there are two types of error message on failed scope access:

Read operation against 'sn_ca_bundle_status' from scope 'rhino.global' has been refused due to the table's cross-scope access policy
Read operation on table 'sn_employee_app_access_criteria' from scope 'Global' was denied. The application 'Employee Profile' must declare a Restricted Caller Access privilege. Please contact the application admin to update their access requests.

... replace orange text with your table and scope name.

So I seem to have found a solution just for the first one, thanks @Kieran Anson for hinting at GlideQuery and ServiceNow for open source of Schema script include.

var gr = new GlideRecord('sys_db_object');
//gr.setLimit(100);
gr.addEncodedQuery('sys_scope!=global');
gr.query();
while (gr.next()) {
	var tableDescriptor = GlideTableDescriptor.get( gr.name );
	var accessPolicy = tableDescriptor.getAccessPolicy();

	var s = JSON.stringify(accessPolicy);
	if (s.indexOf('Read=[PRIVATE]') > -1) {
		// here we are, 
		// we gonna get "Read operation against XXXXX from scope 'rhino.global' has been refused ..." 
		// on attempt to read from this table
		gs.addErrorMessage( gr.name + ' - ' + s);
	}
}