Part of the query on sys_user has been ignored because of insufficient access for 'query_range'

RobDoyle · ‎05-13-2025

Part of the query on sys_user has been ignored because of insufficient access for 'query_range' operation on sys_user_grmember.user

So we recently got our May security maintenance done and I am having an issue with the above error

I have created a new ACL for this but it is still erroring I did raise a ticket but wasn't very helpful and the KB's don't really advise how to resolve this

I am not sure what I am doing wrong I did have one related to a query match which i resolved but this query range one is stumping me

RobDoyle · ‎05-14-2025

So it appears me updating these ACL's to change from public and also changing the security attribute to local seems to have fixed the error

View solution in original post

SumanthDosapati · ‎05-13-2025

@RobDoyle

> Did you try relogging in after applying the ACL?

> Also try giving a table level ACL also and see if it works.

This link also might help you.

Accept the solution and mark as helpful if it does, to benefit future readers.
Regards,
Sumanth

Rogers Cadenhe1 · ‎05-13-2025

ServiceNow just deployed a large number of new query_range ACLs that control user access to code that runs ranged queries (clauses like STARTS WITH, ENDS WITH and CONTAINS). You need to create a new ACL of Type record and Operation query_range for the field user on the table sys_user_grmember and then give it the roles of the users who need to perform the action that triggered the error.

There's a similar issue with the new query_match ACL that has the same kind of error message and same fix, except you use Operation query_match instead.

RobDoyle · ‎05-14-2025

I have already done this as screenshot in first post advises and it still doesn't allow it.

There is only a create and write ACL would I need to add a read too

Rogers Cadenhe1 · ‎05-14-2025

You need to ensure that your users have a role that you associated with your new query_range ACL.