Reference Qual Filter not working for non-admin users querying custom table

Liam Rhodes1
Kilo Expert

Hey all,

On one of our catalog items, I have a list collector variable that uses the following reference qual filter, which uses a script include to only display records in the u_sjp_partner_practices table that the user selected from the user variable is associated to.


javascript:new PracticeFilter().getPracticeFilter(current.variables.user);

This executes the following client-callable Script Include, called PracticeFilter:


var PracticeFilter = Class.create();
PracticeFilter.prototype = {
    getPracticeFilter: function(userSysId) {
        var ids = [];
        var filter = 'sys_idIN';

        gs.info('[PracticeFilter] Called with userSysId: ' + userSysId);

        if (!userSysId) {
            gs.warn('[PracticeFilter] No userSysId provided, returning sys_idISEMPTY');
            return 'sys_idISEMPTY';
        }

        // Look up every association record that references the selected user
        var assocGR = new GlideRecord('u_sjp_pss_firm_association');
        assocGR.addQuery('u_user', userSysId);
        assocGR.query();

        gs.info('[PracticeFilter] Found ' + assocGR.getRowCount() + ' association records for user: ' + userSysId);

        // Collect the sys_id of the practice referenced by each association
        while (assocGR.next()) {
            if (assocGR.u_pss_practice_name)
                ids.push(assocGR.u_pss_practice_name.sys_id.toString());
        }

        if (ids.length === 0) {
            gs.warn('[PracticeFilter] No practices found for user: ' + userSysId);
            return 'sys_idISEMPTY';
        }

        filter += ids.join(',');
        gs.info('[PracticeFilter] Returning filter: ' + filter);
        return filter;
    },

    type: 'PracticeFilter'
};

So what this script does is it queries another custom table that we have created called u_sjp_pss_firm_association and searches against the u_user field (reference to sys_user) for any records where the user we've passed through matches. What it then does is return all records from the u_sjp_partner_practices table using that reference field to do so.

So the records on the u_sjp_pss_firm_association all look like this:

So it queries all records where the User field is a match and returns all records via the PSS Practice Name field.

These two custom tables have basic read/write/create/delete ACLs using a custom role which is assigned to the user I'm testing with. For me, as an admin, this works perfectly fine (see below) but for a non-admin they're having no results returned:

I have checked the test user's access to the table and to the records using Access Analyzer and it comes back as a pass on all ACLs. So I'm at a bit of a loss here, is this just messy ACLs or is there something else that I need to ensure has been set up to allow them to run this query?

Thanks in advance for any assistance!

1 ACCEPTED SOLUTION

Liam Rhodes1
Kilo Expert

Thanks all, you all got me on the right path that eventually led me to this ServiceNow KB that resolved the issue for me.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2283949

10 REPLIES

Chaitanya ILCR
Mega Patron

Hi @Liam Rhodes1,

Are you seeing the logs that you have added in the script include when impersonating the user?

If no:

Check if there is any ACL for the "script include" (since you have mentioned it's a client callable one, but the script looks like it's not, since it's not extending AbstractAjaxProcessor)

and see if the user passes that ACL.

The name of the ACL is the name of your script include, the type of ACL is client_callable_script_include and the operation is "execute".

If you find any ACL, update it and give access to the user.

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

Thank you - I tested as you can see below. The first three are me (admin) and the other three are a non-admin user having no records returned. The script is executing as we're seeing the logs. But we're not having those values returned to the list collector?

Hi @Liam Rhodes1,

Check if there are any query_match or query_range ACLs on your custom table -> "SJP Partner practices" table.

Instead of incident, look for your custom table.

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

I recently added these this morning. They haven't helped.

I did enable debugging though and I'm seeing this:

Data filters are disabled for this query table="u_sjp_partner_practices"

Any idea what this could mean?