Customer Service Portal: Problems with business_service

MichaelZischeck · ‎04-14-2025

We have added a field from CDMB to the case: business_service

that works just fine in the platform (eg. agent workspace)

On the portal however I cannot display business_service. Neither in the ticket header, nor in the list columns.

It seems to be some sort of "access" issue.

Cause if I add a list (data table widget) with services, the user can see his services (they are mapped to a company)

The user can also select the service creating a new case.

If I use my admin account then I can see the business_service on the ticket header as well as in the list as column.

I am not experienced enough to figure out where it fails.

Anyone any idea?

SasiChanthati · ‎04-14-2025

You're definitely on the right track suspecting this is an access control (ACL) issue. In ServiceNow, it’s quite common for data to appear fine on the platform but not on the Service Portal, due to stricter or missing ACLs that affect how widgets fetch and display data.
What's Likely Happening
- Platform (Agent Workspace) uses full GlideRecord access and respects roles.
- Service Portal widgets (like ticket headers, lists, and form widgets) often fetch data via GlideAjax or spModel, which strictly enforce read ACLs — especially those for fields and tables.
- Your admin account bypasses ACLs, so you see everything.
Step-by-Step Troubleshooting & Fix
1. Check ACLs on the business_service field
- Go to System Security > Access Control (ACL).
   - Search for:
     - Table: sn_customerservice_case (or whatever table you're using)
     - Field: business_service
     - Operation: read
   - Make sure that there's an ACL allowing portal users (e.g., roles like snc_external, sn_customerservice.customer, or similar) to read that field.

2. Test ACLs as a non-admin
Use the ACL debugger:
   - Impersonate the affected user.
   - Go to /acl.do and turn on debugging.
   - Load a record that’s missing the business_service.
   - You’ll likely see a false read evaluation on that field.

3. Fix ACL or Add One
If no ACL exists for business_service:
   - Create a new ACL:
     - Type: Field
     - Table: sn_customerservice_case
     - Field: business_service
     - Operation: read
     - Condition/script: Allow users with the appropriate roles or relationship (e.g., customer contact linked to company that owns the service).
     - Example script:
       var userCompany = gs.getUser().getCompanyID();
       var caseCompany = current.company;
       answer = user.hasRole('sn_customerservice.customer') && userCompany == caseCompany;

4. Check Widget Configuration
If you're using a custom widget or the sc_cat_item or data table widget:
- Ensure the server script isn't filtering out business_service or modifying the returned fields.

5. Double-check the Service field visibility
- In the Form Layout of the case form used in Service Portal (sp_form), confirm business_service is on the form and not hidden.
- Also check any UI Policies or client scripts that might be hiding it based on the user or role.
The issue is almost certainly a read ACL on the business_service field or related table. Your admin bypasses ACLs, which is why you can see it.

View solution in original post

AmM01 · ‎04-14-2025

Please have a look into the above diagram.

Business Services (green box) are part of the Portfolio layer, managed by the Service Owner.
Customers don't directly “own” Business Services — instead:
- Customers consume Sold Products.
- Those Sold Products are mapped to Business Service Offerings, which are linked to Business Services.
Customers get access to services via the Install Base, which connects their Account to a specific instance of a Sold Product.

So what’s happening in your case?

You added business_service to the Case form.
But the customer (on portal) doesn’t directly “own” that cmdb_ci_service record.

Instead of referencing the business_service, you can reference the Sold Product / install base items. Both are accessible by the customer on the CSM portal.

MichaelZischeck · ‎04-15-2025

Hi thanks for your reply..

I understand, yet, I can make services available to service portal users. To proof that I build a simple list, that works. Just the field business_service showing these is not working.

We used to work with product models, and were told portal users only can see "assets" which I assume is what you refer to as installed base items.

I thought I might be able to get a workaround in place to be able to use business_service directly. And, interestingly, creating a new ticket this works. same as with the simple list.

Michael

SasiChanthati · ‎04-14-2025

You're definitely on the right track suspecting this is an access control (ACL) issue. In ServiceNow, it’s quite common for data to appear fine on the platform but not on the Service Portal, due to stricter or missing ACLs that affect how widgets fetch and display data.
What's Likely Happening
- Platform (Agent Workspace) uses full GlideRecord access and respects roles.
- Service Portal widgets (like ticket headers, lists, and form widgets) often fetch data via GlideAjax or spModel, which strictly enforce read ACLs — especially those for fields and tables.
- Your admin account bypasses ACLs, so you see everything.
Step-by-Step Troubleshooting & Fix
1. Check ACLs on the business_service field
- Go to System Security > Access Control (ACL).
   - Search for:
     - Table: sn_customerservice_case (or whatever table you're using)
     - Field: business_service
     - Operation: read
   - Make sure that there's an ACL allowing portal users (e.g., roles like snc_external, sn_customerservice.customer, or similar) to read that field.

2. Test ACLs as a non-admin
Use the ACL debugger:
   - Impersonate the affected user.
   - Go to /acl.do and turn on debugging.
   - Load a record that’s missing the business_service.
   - You’ll likely see a false read evaluation on that field.

3. Fix ACL or Add One
If no ACL exists for business_service:
   - Create a new ACL:
     - Type: Field
     - Table: sn_customerservice_case
     - Field: business_service
     - Operation: read
     - Condition/script: Allow users with the appropriate roles or relationship (e.g., customer contact linked to company that owns the service).
     - Example script:
       var userCompany = gs.getUser().getCompanyID();
       var caseCompany = current.company;
       answer = user.hasRole('sn_customerservice.customer') && userCompany == caseCompany;

4. Check Widget Configuration
If you're using a custom widget or the sc_cat_item or data table widget:
- Ensure the server script isn't filtering out business_service or modifying the returned fields.

5. Double-check the Service field visibility
- In the Form Layout of the case form used in Service Portal (sp_form), confirm business_service is on the form and not hidden.
- Also check any UI Policies or client scripts that might be hiding it based on the user or role.
The issue is almost certainly a read ACL on the business_service field or related table. Your admin bypasses ACLs, which is why you can see it.

MichaelZischeck · ‎04-15-2025

Hi many thanks for the help... you kind of helped me fix it, but not with any direct help.

1. couldn't find any ACL on business_service, I checked all "sn_customerservice_case.*" and sure enough in one of them I found the solution, see below

2. didn't work as user had security contraints preventing access to that page

3. I cannot create a field type ACL. only had record, so I didn't bother further on this one

4. didn't check this

5. no contraints whatsoever

in one of the sn_customerservice_case.* ACLs I found this comment: Allow read for all fields in sn_customerservice_case. One of the roles required was "sn_customerservice.case_viewer".. I added this to the user, and voilà user could see service in list, in header and was able to filter upon service in the lists...

many thanks