π Did you know ServiceNow has enhanced instance security with new ACL types?
In ServiceNow, data is everything β and keeping it secure is a top priority.
Recently, I encountered an interesting scenario while filtering records in the native UI, where I received an error:
βQuery range for the fields does not match the criteria to access it.β
This led me to explore some security updates introduced in the May 2025 Yokohama patch upgrade. π‘οΈ
π ServiceNow has introduced two powerful ACL types:
query_range: Controls whether a user can apply certain filters on fields (e.g., restricts queries that use operators like >, <, >=, <=, "starts with", "ends with", or "contains").
Purpose:
To prevent users from querying for data within a range or pattern, which could indirectly reveal sensitive information.
query_match: Governs that users must provide the full, correct value to retrieve any data while querying it. A user can only retrieve a specific user's record if they know the exact SSN.
These new ACLs add an extra layer of protection when users try to query or filter data β reducing risks of unauthorized data access and reinforcing zero-trust security.
Really impressive step by ServiceNow toward more granular, query-level security controls! ππ
Have you explored these ACLs yet? Letβs discuss in the comments! π¬π
