- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-13-2025 08:31 AM
Part of the query on sys_user has been ignored because of insufficient access for 'query_range' operation on sys_user_grmember.user
So we recently got our May security maintenance done and I am having an issue with the above error
I have created a new ACL for this but it is still erroring I did raise a ticket but wasn't very helpful and the KB's don't really advise how to resolve this
I am not sure what I am doing wrong I did have one related to a query match which i resolved but this query range one is stumping me
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-14-2025 03:43 AM
So it appears me updating these ACL's to change from public and also changing the security attribute to local seems to have fixed the error

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-13-2025 08:57 AM

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-13-2025 02:18 PM
ServiceNow just deployed a large number of new query_range ACLs that control user access to code that runs ranged queries (clauses like STARTS WITH, ENDS WITH and CONTAINS). You need to create a new ACL of Type record and Operation query_range for the field user on the table sys_user_grmember and then give it the roles of the users who need to perform the action that triggered the error.
There's a similar issue with the new query_match ACL that has the same kind of error message and same fix, except you use Operation query_match instead.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-14-2025 01:04 AM
I have already done this as screenshot in first post advises and it still doesn't allow it.
There is only a create and write ACL would I need to add a read too

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ā05-14-2025 06:09 AM
You need to ensure that your users have a role that you associated with your new query_range ACL.