Read operation on table 'sn_hr_core_case' from scope 'Global' was denied. The application 'Global' must declare a cross scope access privilege.

Go to solution
Beno_t Proulx
Giga Guru

‎08-19-2020 12:57 PM

I have a Service Portal Page that uses the out-of-the-box "Data table from instance definition" widget to display records from the sn_hr_core_case table. I am running this on Paris version.

However, it does not work because of some scope issue which don't seem to make sense to me since it says it's denied from scope "global"... Read operation on table 'sn_hr_core_case' from scope 'Global' was denied. The application 'Global' must declare a cross scope access privilege.

So I am somewhat puzzled... I tried to query form another table and I was successful in retrieving records from the sn_hr_le_table without the cross scope problem. I have not tried other tables than that so far.

find_real_file.png

A search from Google revealed that there was the same issue (or seems very similar) that was fix in London's version.

https://docs.servicenow.com/bundle/london-release-notes/page/release-notes/quality/london-patch-7.ht...
find_real_file.png

 

Anyone else can replicate the issue? or may have a solution or workaround to propose?

Preview file
29 KB
Preview file
22 KB
0 Helpfuls
  • 26,207 Views
1 ACCEPTED SOLUTION

Go to solution
Beno_t Proulx
Giga Guru

‎08-24-2020 07:03 AM

After reaching out to ServiceNow support, they pointed me in the correct direction and I was able to resolve my issue.

Turns out what I was missing was "Restricted Caller Access Privileges" (RCAP)

I needed to add RCAP records for the Base widget "Data Table" and my custom widget which is a clone of "Data table from instance definition".

Turns out those records were created by the system automatically the first time I tried to use my widget, but the status was set to "Requested". I just updated it to "Allowed". (see screenshot)

View solution in original post

Preview file
52 KB
9 REPLIES 9

Go to solution
Ashutosh Munot1
Kilo Patron
Kilo Patron

‎08-19-2020 01:01 PM

Hi,

Add the cross scope application entry

find_real_file.png


Thanks,

Ashutosh

Preview file
42 KB

Go to solution
Christian Prob2
Tera Guru
In response to Ashutosh Munot1

‎08-19-2020 01:11 PM

So this is - imho - the obvious quick&dirty fix. I would really like to understand why this is not an issue in the ootb configuration and why the ootb configuration does not really need any cross scope entries between HR and global.

That makes me think I should not need those either in cases as Benoît pointed out.

One of the main reasons to have the whole scope separation is security, so if i blindly just add Cross Scope entries that kind of defeats the purpose and may put security at risk, or am i missing something?

Christian

Go to solution
Beno_t Proulx
Giga Guru
In response to Ashutosh Munot1

‎08-20-2020 05:11 AM

Thanks for taking the time to respond.

 

However, as I'm mentioned the system does not allow to create a cross-scope record where the source is Global.

find_real_file.png

So I tried the opposite (although it does not make much sense to me) and as expected it did not impact the result:

find_real_file.png

Preview file
31 KB
Preview file
25 KB
0 Helpfuls

Go to solution
Ashutosh Munot1
Kilo Patron
Kilo Patron
In response to Beno_t Proulx

‎08-22-2020 01:36 AM

Hi,


Which table you are trying to refer using HR Scope to Global Scope.

Because When you are creating the cross scope record in target name put GlideRecord.update , GlideRecord.setValue etc.

Thanks,
Ashutosh

0 Helpfuls