query_range & query_match ACL's

Abhishek_Thakur
Mega Sage

🔐 Did you know ServiceNow has enhanced instance security with new ACL types?

In ServiceNow, data is everything — and keeping it secure is a top priority.
Recently, I encountered an interesting scenario while filtering records in the native UI, where I received an error:
“Query range for the fields does not match the criteria to access it.”
This led me to explore some security updates introduced in the May 2025 Yokohama patch upgrade. 🛡

👉 ServiceNow has introduced two powerful ACL types:
query_range: Controls whether a user can apply certain filters on fields (e.g., restricts queries that use operators like >, <, >=, <=, "starts with", "ends with", or "contains").
Purpose:
To prevent users from querying for data within a range or pattern, which could indirectly reveal sensitive information.

query_match: Governs that users must provide the full, correct value to retrieve any data while querying it. A user can only retrieve a specific user's record if they know the exact SSN.

These new ACLs add an extra layer of protection when users try to query or filter data — reducing risks of unauthorized data access and reinforcing zero-trust security.
Really impressive step by ServiceNow toward more granular, query-level security controls! 🔐🚀
Have you explored these ACLs yet? Let’s discuss in the comments! 💬👇

error SNOW.jpg

0 REPLIES 0