Part of the query on sys_user has been ignored because of insufficient access for 'query_range'

RobDoyle · ‎05-13-2025

Part of the query on sys_user has been ignored because of insufficient access for 'query_range' operation on sys_user_grmember.user

So we recently got our May security maintenance done and I am having an issue with the above error

I have created a new ACL for this but it is still erroring I did raise a ticket but wasn't very helpful and the KB's don't really advise how to resolve this

I am not sure what I am doing wrong I did have one related to a query match which i resolved but this query range one is stumping me

RobDoyle · ‎05-14-2025

So it appears me updating these ACL's to change from public and also changing the security attribute to local seems to have fixed the error

View solution in original post

RobDoyle · ‎05-14-2025

So it appears me updating these ACL's to change from public and also changing the security attribute to local seems to have fixed the error

psfortuna · ‎05-14-2025

can you give more details of what you did Sir?

RobDoyle · ‎05-16-2025

@psfortuna

So my particular issue was with the query_range for sys_user_grmember.user
So firstly I had to create a new ACL for this query I set the role back to SNC_Internal but it could be the role of the user(s) being prompted the error

I also set the security attributes to local.

Then I had to set the sys_user_grmember and sys_user_grmember.* to the same in doing so removed the error.

Hope that helps

Kevin Chung · ‎05-14-2025

Hi there, we've recently published a blog article covering this ServiceNow ACL security update.

I think you'll find it helpful!

Understanding ServiceNow’s May 2025 Query Range ACL Update: What You Need to Know

sanchit5 · ‎05-14-2025

Adding "query_range_role" to users/groups fixed the issue for me