query_range & query_match ACL's
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2025 11:47 PM
🔐 Did you know ServiceNow has enhanced instance security with new ACL types?
In ServiceNow, data is everything — and keeping it secure is a top priority.
Recently, I encountered an interesting scenario while filtering records in the native UI, where I received an error:
“Query range for the fields does not match the criteria to access it.”
This led me to explore some security updates introduced in the May 2025 Yokohama patch upgrade. 🛡️
👉 ServiceNow has introduced two powerful ACL types:
query_range: Controls whether a user can apply certain filters on fields (e.g., restricts queries that use operators like >, <, >=, <=, "starts with", "ends with", or "contains").
Purpose:
To prevent users from querying for data within a range or pattern, which could indirectly reveal sensitive information.
query_match: Governs that users must provide the full, correct value to retrieve any data while querying it. A user can only retrieve a specific user's record if they know the exact SSN.
These new ACLs add an extra layer of protection when users try to query or filter data — reducing risks of unauthorized data access and reinforcing zero-trust security.
Really impressive step by ServiceNow toward more granular, query-level security controls! 🔐🚀
Have you explored these ACLs yet? Let’s discuss in the comments! 💬👇
- 955 Views