GlideAggregate_Query - Insufficient rights to query records

XuanYingY
Tera Contributor

I was trying to pull data using the GlideAggregate Query data source in UI Builder to populate a component.

But there's a data fetch exception. The event payload:

{
    "dataElemId": "aggregation_query_2",
    "errors": [{
        "message": "Query: Exception encountered processing field: GlideAggregate_Query - Insufficient rights to query records",
        "errorType": "DataFetchingException",
        "path": ["GlideAggregate_Query"]
    }],
    "__uxfCompositionElId": "27bf535347655a90cfc5457c736d43bd",
    "options": {}
}

It works for admin but does not work for other users. I checked that all the ACLs are correct and the users can see the relevant records.

Matthew_13
Mega Sage

Hi Buddy,

This usually comes down to field-level access, not table access.

The GlideAggregate data source runs fully server-side and is stricter than lists/forms. Even if a user can see the records, the aggregate will fail if they don’t have read access to every field used in the query (filters, group by, dot-walks, or the aggregate field itself).

That’s why it works for admin but not for other users.

What you can do:

  • Check read ACLs on all fields referenced in the aggregate (especially group by and any dot-walked fields).

  • Watch for scripted ACLs that behave differently outside normal list/form access.

  • Impersonate a failing user and turn on Debug Security Rules — it will show exactly which ACL is blocking the query.

If you don’t want to open up field access just to support aggregates, the safer pattern is to use a scripted data broker that returns only the summary values you want and enforces your own authorization logic.

@XuanYingY - Please mark Accepted Solution and Thumbs Up if you found Helpful!

MJG
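
The scripted data broker pattern suggested in the reply above, as an added example that is not part of the thread or ServiceNow's own code: a transform data broker script that authorizes the caller itself and returns only grouped counts. The table `incident`, the role `x_summary_viewer` and the group-by allowlist are assumptions.

```javascript
// Added example: script body of a UI Builder transform data broker (server-side).
// Assumed names: table 'incident', role 'x_summary_viewer', the allowlist below.
var SUMMARY_TABLE = 'incident';
var REQUIRED_ROLE = 'x_summary_viewer';
var ALLOWED_GROUP_BY = ['state', 'priority', 'category'];

function transform(input) {
    // A server-side GlideAggregate does not check the caller's ACLs,
    // so the broker has to make the authorization decision explicitly.
    if (!gs.hasRole(REQUIRED_ROLE)) {
        throw new Error('Not authorized to read ' + SUMMARY_TABLE + ' summary');
    }

    // Only allowlisted fields may be grouped on; this blocks dot-walks and
    // any column the summary was never meant to expose.
    var groupBy = String((input && input.groupBy) || 'state');
    if (ALLOWED_GROUP_BY.indexOf(groupBy) === -1) {
        throw new Error('Unsupported groupBy field: ' + groupBy);
    }

    var ga = new GlideAggregate(SUMMARY_TABLE);
    ga.addQuery('active', true);
    ga.addAggregate('COUNT');
    ga.groupBy(groupBy);
    ga.query();

    // Return summary values only: no sys_ids, no record fields.
    var rows = [];
    while (ga.next()) {
        rows.push({
            group: ga.getValue(groupBy),
            count: parseInt(ga.getAggregate('COUNT'), 10)
        });
    }
    return rows;
}
```

Because the client can set `input.groupBy`, the allowlist is what keeps the broker from becoming a way to aggregate over fields the user cannot read.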

Hi Matthew,

Yup, I double-checked. My field-level access (table.* and table.fields) are all there (read, query_range, query_match), and there are also no scripted ACLs.
I also checked:

  1. Impersonated the user via script and queried with GlideAggregate - it works
  2. Impersonated the user and created a report with the exact query - it works
  3. Impersonated a failing user and turned on Debug Security Rules — there was no error. I tried Debug GraphQL and I could see that the GlideAggregate query was executing without any errors; it seems like there is only a problem with Data Fetching?

A bit more information: my instance is domain separated. I think I will find a workaround using either reports or a scripted data broker as you advised. Thanks

VaishnaviK3009
Tera Contributor

Hi @XuanYingY !!

Issue:
GlideAggregate Query data source in UI Builder works for admin but fails for non-admin users with
Insufficient rights to query records.

Root Cause:
GlideAggregate enforces the aggregate ACL operation, not just read.
UI Builder executes data sources in the logged-in user’s context, so non-admin users must be explicitly allowed to aggregate.

Admin works because it bypasses ACLs.

Solution:
Create an ACL with Operation = aggregate on the target table.

Steps:

  1. Go to System Security → Access Control (ACL)

  2. Create a new ACL:

    • Type: Record

    • Table: <target_table>

    • Operation: aggregate

  3. Grant access via role / condition / script, for example:

answer = gs.hasRole('your_role');

Result:
Non-admin users can successfully use the GlideAggregate Query data source in UI Builder.

Mark this as Helpful if it clarifies the issue.
Accept the solution if this answers your question.

Regards,
Vaishnavi
Associate Technical Consultant