Part of the query on sys_user has been ignored because of insufficient access for 'query_range'

Go to solution
RobDoyle
Giga Guru

ā€Ž05-13-2025 08:31 AM

Part of the query on sys_user has been ignored because of insufficient access for 'query_range' operation on sys_user_grmember.user

So we recently got our May security maintenance done and I am having an issue with the above error 

I have created a new ACL for this but it is still erroring I did raise a ticket but wasn't very helpful and the KB's don't really advise how to resolve this 

RobDoyle_0-1747150176095.pngRobDoyle_1-1747150202045.png

I am not sure what I am doing wrong I did have one related to a query match which i resolved but this query range one is stumping me 

0 Helpfuls
  • 17,607 Views
1 ACCEPTED SOLUTION

Go to solution
RobDoyle
Giga Guru

ā€Ž05-14-2025 03:43 AM

RobDoyle_0-1747219362432.png

So it appears me updating these ACL's to change from public and also changing the security attribute to local seems to have fixed the error 

View solution in original post

17 REPLIES 17

Go to solution
dwtaber
Tera Expert

ā€Ž05-13-2025 03:48 PM

Is the query_range operation a superset of query_match? In other words, if I create a query_range ACL for a field, will a user who meets its criteria also be able to use the operations covered by query_match, or do I have to make a separate ACL for those operations?

0 Helpfuls

Go to solution
Rogers Cadenhe1
Giga Guru
In response to dwtaber

ā€Ž05-13-2025 05:08 PM

It is not a superset. The query_match ACL checks whether a user has read access to all fields used in a query. You likely need ACLs of both operations to fix errors users are now seeing.

0 Helpfuls

Go to solution
Krish23
Tera Contributor

ā€Ž05-13-2025 08:20 PM

Any solution for this? we are seeing the same in our instances.

0 Helpfuls

Go to solution
RobDoyle
Giga Guru

ā€Ž05-14-2025 01:16 AM

Just to mention that it is only affecting App Engine Licensed users ITIL users are not affected 

0 Helpfuls