The Zurich release has arrived! Interested in new features and functionalities? Click here for more

Query range ACL

Go to solution
Brian Lancaster
Tera Sage

‎05-15-2025 10:25 AM - edited ‎05-15-2025 10:56 AM

I'm using a field called u_business_owner on my stories that was inherited from the rm_feature table. I have an acl that give user in this field read access, as well as write access to story comments. They have access to view the stories and edit the comments via our service portal using a simple list widget with the following  Queryu_business_ownerDYNAMIC90d1921e5f510100a9ad2572f2b477fe^ORwatch_listDYNAMIC90d1921e5f510100a9ad2572f2b477fe^active=true.

After ServiceNow implemented the Query range ACL for this field when users open the Service Portal they get "Part of the query on rm_story has been ignored because of insufficient access for 'query_range' operation on rm_story.u_business_owner". This is causing user not to be able to view there stories. If I run the same query in the fulfiller view I get the same error message. How can I fix this without going against what ServiceNow is calling best practice?

 

Note: I also had to give read access to the u_business_owner field to allow this to work. A query range ACL was added for rm_story.u_business_ownner and that is what is causing the issue.

0 Helpfuls
  • 8,256 Views
1 ACCEPTED SOLUTION

Go to solution
Brian Lancaster
Tera Sage
In response to Brian Lancaster

‎05-19-2025 09:23 AM - edited ‎05-19-2025 11:04 AM

I got confirmation form ServiceNow that I need a query_match ACL instead of a query_range.

View solution in original post

7 REPLIES 7

Go to solution
Brian Lancaster
Tera Sage
In response to John Gilmore

‎05-20-2025 07:45 AM

You suggested a query_range I needed a query_match.

0 Helpfuls

Go to solution
Minh Huy Lam Qu
Giga Sage
In response to Brian Lancaster

‎05-19-2025 09:58 AM

The operator is DYNAMIC so it's definitely query_range not query_match.

https://www.servicenow.com/docs/bundle/xanadu-platform-security/page/administer/contextual-security/...

 

You can check the Security Attribute that come with the query_range ACL added by ServiceNow also the Admin Override option.

Go to solution
Brian Lancaster
Tera Sage
In response to Minh Huy Lam Qu

‎05-19-2025 11:07 AM

I made a correction accounting to ServiceNow KB article I need a query_match. The ACL ServiceNow put is a query_range and was not working. According to the KB article query_match should be used when you use equals, in, or isnull.

query_match
Restricts queries to specific values (e.g., EQUALS, IN, ISNULL).
If the user passes, they can submit these match queries.
If they fail, these queries are blocked.