End users can see the worknotes in service portal requests

rin1 · ‎02-28-2022

Hi experts,

Something struck to my vision in service portal, End users were able to see worknotes of the requests they raised.

So this is how it is defined or some ACL is broke in our instance?

Can some one help with my query.

KInd regards,

Rini

Kieran Anson · ‎02-28-2022

If you've recently patched/upgraded there is a bug where an acl sc_req_item.work_notes that does not have a role meaning it applies to everyone. This is due to the ITSM roles plugin not being installed, and the upgrade not checking before adding the new ACL

View solution in original post

Dan H · ‎02-28-2022

Please check the ACL on your instance, you are able to prevent the work notes for being seen by modifying/adding the READ ACL on worknotes field on your table. If you want the field visible only to ITIL, set the role to ITIL.

Please mark my answer as Correct/Helpful based on impact

Regards,

Dan H

Kieran Anson · ‎02-28-2022

If you've recently patched/upgraded there is a bug where an acl sc_req_item.work_notes that does not have a role meaning it applies to everyone. This is due to the ITSM roles plugin not being installed, and the upgrade not checking before adding the new ACL

rin1 · ‎03-01-2022

Thanks you for the reply, Yeah we recently upgraded to Rome. Is there any fix available or Should I write an Acl for Reuest item table?

Syed Hassan · ‎03-01-2022

Hi,

If you've recently patched/upgraded there is a bug where an acl sc_req_item.work_notes that does not have a role meaning it applies to everyone. This is due to the ITSM roles plugin not being installed, and the upgrade not checking before adding the new ACL.

Thanks and Regards,

Syed Hassan Ahmed.