How to configure 'read' access control for sys_user table to allow non-admin users to read
‎10-16-2023 12:00 PM
I'm working on catalog items. I have fields that are being populated when I'm logged in as admin and are not being populated when I'm not. I figure it's an ACL issue. I look through the ACLs for the sys_user table and can't seem to find what's preventing non-admin users from reading from the table.
Does this access control not allow for everyone to read from the table?
Context:
I have a catalog item that has several fields that are populated with an onLoad catalog client script.
Catalog client script:
// Function that triggers when the ServiceNow form loads.
function onLoad() {
    // Check if the user ID is undefined.
    if (!g_user.userID) {
        // Show an alert if the user ID is undefined.
        alert('User ID is undefined');
        return;
    }
    // Initialize a GlideAjax object to fetch user details.
    var glideAjax = new GlideAjax('PopulateCatalogDefaults');
    // Add parameters to the GlideAjax object.
    glideAjax.addParam('sysparm_name', 'getUserDetails');
    glideAjax.addParam('sysparm_userID', g_user.userID);
    // Execute the GlideAjax call and use populateFields function as the callback.
    glideAjax.getXML(populateFields);
}

// Callback function to populate the form fields based on the GlideAjax response.
function populateFields(response) {
    // Parse the XML response to get the "answer" attribute.
    var answer = response.responseXML.documentElement.getAttribute("answer");
    // Convert the "answer" attribute to a JavaScript object.
    var userObj = JSON.parse(answer);
    // Populate the 'users_person_number' field with the user's sys ID.
    g_form.clearValue('users_person_number');
    g_form.setValue('users_person_number', userObj.userSysId);
}
Here is the script include that's being called:
// Declare a new class called PopulateCatalogDefaults.
var PopulateCatalogDefaults = Class.create();
// Extend the PopulateCatalogDefaults class from AbstractAjaxProcessor.
PopulateCatalogDefaults.prototype = Object.extendsObject(AbstractAjaxProcessor, {
    // Define a method called getUserDetails.
    getUserDetails: function(userID) {
        // Create an empty object to store user information.
        var userInfo = {};
        // Initialize a GlideRecord object for the 'sys_user' table.
        var userGR = new GlideRecord('sys_user');
        // Get the user ID from the incoming parameter.
        var g_userId = this.getParameter('sysparm_userID');
        // Query the 'sys_user' table for the given user ID.
        if (userGR.get(g_userId)) {
            // Populate the userInfo object with the user's unique sys ID.
            userInfo.userSysId = userGR.getUniqueValue();
        }
        // Return the userInfo object as a JSON-formatted string.
        return JSON.stringify(userInfo);
    },
    // Specify the type of the class as 'PopulateCatalogDefaults'.
    type: 'PopulateCatalogDefaults'
});

‎10-16-2023 12:08 PM - edited ‎10-16-2023 12:09 PM
There is a query business rule on the user table. Check if that prevents the non-admin users.
Please mark this response as correct or helpful if it assisted you with your question.
‎10-16-2023 12:31 PM
I would suggest printing the logs from the server side and an alert from the client side to see whether that ACL is causing an issue or not. I strongly believe that non-admin users don't have access to the user table.
Try deactivating the ACL, and if the issue is still there you need to look for the exact script that is causing the issue.
Please mark this response as correct or helpful if it assisted you with your question.
‎10-16-2023 01:44 PM
Are you referring to the "user query" Business Rule? Setting it to inactive did not solve my problem, unfortunately.

‎10-16-2023 03:18 PM
Why are you populating the sys-id in the phone number?
I would suggest adding some logs to the script include to see if you are getting the user record.
Also an alert in the client script to see what results you are receiving in the answer variable.
Please mark this response as correct or helpful if it assisted you with your question.
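
One way to add the server-side logging and client-side answer check suggested in the replies, as an added example that is not code from the thread. `lookupSessionUser`, `parseAnswer` and the injected `gsApi` / `GlideRecordCtor` parameters are hypothetical names, and the lookup deliberately uses the session's `gs.getUserID()` instead of the client-supplied `sysparm_userID`.

```javascript
// Added example, not the thread's code. Helper names are hypothetical.
// gsApi / GlideRecordCtor are injected so the logic also loads outside an
// instance; on ServiceNow pass the real gs and GlideRecord.
function lookupSessionUser(gsApi, GlideRecordCtor) {
    var result = { found: false, canRead: false, userSysId: '' };
    // Take the identity from the server-side session, not from a sysparm
    // the browser could set to any value.
    var userId = gsApi.getUserID();
    var userGR = new GlideRecordCtor('sys_user');
    result.found = !!userGR.get(userId);
    if (result.found) {
        // canRead() reports whether read ACLs let this session see the record.
        result.canRead = !!userGR.canRead();
        result.userSysId = String(userGR.getUniqueValue());
    }
    // One log line per call: helps separate a failed query from an ACL denial.
    gsApi.info('PopulateCatalogDefaults: user=' + userId +
        ' found=' + result.found + ' canRead=' + result.canRead);
    return result;
}

// Client side (belongs in the catalog client script): check the GlideAjax
// answer first; a null or empty answer makes the original callback throw
// instead of setting the field.
function parseAnswer(answer) {
    var fail = function (reason) {
        return { ok: false, reason: reason, userSysId: '' };
    };
    if (!answer) { return fail('empty answer from server'); }
    var obj;
    try { obj = JSON.parse(answer); } catch (e) { return fail('answer is not JSON'); }
    if (!obj || !obj.found) { return fail('user record not returned'); }
    return { ok: true, reason: '', userSysId: obj.userSysId };
}

// Script Include wiring; the guard only lets this file load outside an instance.
if (typeof Class !== 'undefined' && typeof AbstractAjaxProcessor !== 'undefined') {
    var PopulateCatalogDefaults = Class.create();
    PopulateCatalogDefaults.prototype = Object.extendsObject(AbstractAjaxProcessor, {
        getUserDetails: function () {
            return JSON.stringify(lookupSessionUser(gs, GlideRecord));
        },
        type: 'PopulateCatalogDefaults'
    });
}
```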