- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-15-2025 10:25 AM - edited ‎05-15-2025 10:56 AM
I'm using a field called u_business_owner on my stories that was inherited from the rm_feature table. I have an acl that give user in this field read access, as well as write access to story comments. They have access to view the stories and edit the comments via our service portal using a simple list widget with the following Queryu_business_ownerDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORwatch_listDYNAMIC90d1921e5f510100a9ad2572f2b477fe^active=true.
After ServiceNow implemented the Query range ACL for this field when users open the Service Portal they get "Part of the query on rm_story has been ignored because of insufficient access for 'query_range' operation on rm_story.u_business_owner". This is causing user not to be able to view there stories. If I run the same query in the fulfiller view I get the same error message. How can I fix this without going against what ServiceNow is calling best practice?
Note: I also had to give read access to the u_business_owner field to allow this to work. A query range ACL was added for rm_story.u_business_ownner and that is what is causing the issue.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-19-2025 09:23 AM - edited ‎05-19-2025 11:04 AM
I got confirmation form ServiceNow that I need a query_match ACL instead of a query_range.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-15-2025 10:49 AM
You need to add a specific Access Control granting the query_range operation for the roles that you want to be able to view the stories. Based on the second paragraph try adding an Access Control configured as follows:
Type: Record
Operation: query_range
Name: rm_story.u_business_owner
Roles: add the Roles that should be allowed (likely the same ones from your field read access rule that allows users to view the story.)
Note: If this doesn't work try creating rules for the table/story. Everything from above would be the same except the Name field which would be at a higher level than the specific attribute, ie rm_story, or rm_story.* (might need them at the table level rm_feature or rm_feature.*)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-16-2025 09:47 AM
The query_range was added by ServiceNow. There was no specific roles to my read acl for rm_story.u_business_owner, I just had script of gs.isLoggedIn && gs.isInteractive.
Based on a KB article KB2130442 Now support sent me I may need a query_match instead of query_rang.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-19-2025 09:23 AM - edited ‎05-19-2025 11:04 AM
I got confirmation form ServiceNow that I need a query_match ACL instead of a query_range.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎05-19-2025 09:44 AM
The one that I suggested or was there another one you needed?
