user_admin Role no longer works

Go to solution
Brian Lancaster
Tera Sage

‎09-16-2015 06:44 AM

Ever since we upgraded to Fuji user who have the user admin role are no longer able to see any users.   When they click on Users under User Administration menu they get the following error   "Security constraints prevent access to requested page".   Any thoughts on what might cause this?

0 Helpfuls
  • 1,431 Views
1 ACCEPTED SOLUTION

Go to solution
bernyalvarado
Mega Sage
In response to Brian Lancaster

‎09-16-2015 07:50 AM

Hi Brian,



Thanks for the clarification.



You must have a read ACL with the name of sys_user. This ACL is at the table label. If it doesn't exist then nobody (except system admins) will have access to your sys_user table (unless your system is configured to allow by default access to everybody to anything).



If it doesn't exist, you may want to create that ACL at the table label. Table: sys_user Field: - NONE -. You can make it open since in theory anyone should have access to the sys_user table.



Thanks,


Berny


View solution in original post

0 Helpfuls
14 REPLIES 14

Go to solution
JusCuz
Tera Guru

‎09-16-2015 06:45 AM

The ACL's for that table had to have changed. You'll need to verify and reset the needed ACL's.


0 Helpfuls

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎09-16-2015 06:52 AM

Hi Brian,



I am not able to reproduce the issue. However the best way is to turn on the debugger and check which ACL's is restricting the access.


Also for reference you can refer to the OOB dev instance on Fuji.



Please check section 8 for more info.


http://wiki.servicenow.com/index.php?title=Using_Access_Control_Rules


0 Helpfuls

Go to solution
Brian Lancaster
Tera Sage
In response to Pradeep Sharma

‎09-16-2015 07:41 AM

When I use the debug the only thing that shows an error of any sort is below but then looks like it success right after.


09:38:28:AM.372: TIME = 0:00:00.000 PATH = record/live_profile.short_description/write CONTEXT = Brian RC = true RULE =



record/live_profile/write
record/live_profile/write
0 Helpfuls

Go to solution
bernyalvarado
Mega Sage

‎09-16-2015 07:04 AM

Hi Brian,



You can start by validating the following ACLs:


https://yourinstancename.service-now.com/sys_security_acl_list.do?sysparm_query=name%3Dsys_user%5EOR...



The first ACL you need to validate is the one with the name sys_user or sys_user.*. Those ACL most probably are the ones that are restricting the access to your admins. Make sure those ACLs have the admin overrides checked.



Thanks,


Berny


0 Helpfuls