- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2025 11:05 PM
Hi everyone,
I tried to install an application we had stored under My Company Applications in our personal instance (PDI) running the Zurich release, and I encountered the following error:
When checking this ACL record, I noticed that it references a security_attribute named "SAC_1818458457" with sys_id = bc91c2a5f334621048dff3d264780663.
This security_attribute was created by a user called "@@snc_write_audit@@" on 12/05/2025 (dd/mm/yyyy), which is not a user from my instance.
After searching for more information, I found KB2046494, which explains that such records might have been created as part of a temporary security patch to mitigate a vulnerability. From what I understood in that KB, the issue was already resolved around July.
What I’d like to understand is:
What exactly is the purpose of this security_attribute?
Why is it missing in new instances (it’s not present in my newly created PDI)?
Since it doesn’t exist in new instances, can I safely remove this security_attribute from my app’s ACLs without causing any issues?
If I shouldn’t remove it, how can I prevent this installation error from occurring?
Thanks in advance for any clarification!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2025 11:24 PM
My pointers:
Purpose: The security_attribute was a temporary access control element added by ServiceNow to address a security vulnerability in May 2025.
-> Missing in New Instances: New Zurich PDIs do not contain these attributes, as they were deprecated and removed after permanent fixes.
-> Safe to Remove: Yes, you can safely remove the reference to the missing security_attribute from ACLs; it is no longer needed and only causes errors.
-> How to Prevent Error: Delete the security_attribute references from ACLs before exporting or installing the app on new instances.- The security_attribute was a temporary security control added by ServiceNow to mitigate a vulnerability in May 2025.
-> It is missing in new Zurich instances because it was removed after ServiceNow applied a permanent fix.
-> You can safely remove references to this security_attribute from your ACLs; it is not needed in updated environments.
-> To avoid installation errors, clear the security_attribute field from ACLs before installing or exporting your app.
💡 If my response helped, please mark it as correct ✔️ and close the thread 🔒 — this helps future readers find the solution faster! 🙏
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2025 12:44 AM
Hi @jordimsant,
The security_attribute record you saw (SAC_1818458457) was part of a temporary ServiceNow security mitigation patch automatically deployed by the platform to address a past vulnerability. It was used internally to restrict access to sensitive data during that period.
In newer instances (Zurich PDIs), these temporary attributes have been cleaned up or deprecated, which is why the referenced record no longer exists.
Since the attribute was never meant to be part of customer-managed data, and it’s not present in current releases, you can safely remove the reference to it from your application’s ACLs. This will not impact app functionality.
If you don’t remove it, installation will keep failing because the referenced sys_security_attribute record is missing.
✅ Recommended fix: open the affected ACL(s) in your source instance → clear the security_attribute reference → re-export the app.
In short:
→ It was a temporary system-generated security control.
→ It’s gone from current versions by design.
→ Yes, remove it from your app’s ACLs to avoid installation issues.
