Using GlideRecordSecure in a scoped application, allowing create access to ecc_queue

Go to solution
Community Alums
Not applicable

‎04-14-2025 02:26 AM - edited ‎04-14-2025 03:21 AM

Hi All,

 

I have a script include within a scoped (store) application, that is creating records on the ecc_queue table. We have recently changed from GlideRecord to GlideRecordSecure, the function is as follows:

 

create : function() {
		this.addParameter('skip_sensor', true);
		var egr = new GlideRecordSecure("ecc_queue");
		egr.agent = "mid.server." + this.midServer;
		egr.queue = "output";
		egr.state = "ready";
		egr.topic = "JavascriptProbe";
		egr.name = this.name;
		egr.source = this.source;
		egr.payload = this.payloadDoc.toString();
		return egr.insert();
	},

 

Due to a number of ACLs on the table, this is now failing. I have created table level create/write/read ACLs within the scoped application, that should allow non-admin users with the apps role to access the table, but It's still not working. Running the security debug, I see this in the log:

 

TimDScott_0-1744622479589.png

 

Looks to me like the "out of the box" ACLs in global scope are blocking my scoped versions?

 

Please can someone help me understand what I need to do in order to get this working, if indeed this is possible!

 

Thanks!

 

Tim.

 

 

0 Helpfuls
  • 1,252 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Community Alums

‎04-14-2025 06:03 AM

@Community Alums 

Option 2 is more feasible and ServiceNow app certification team does have the right to create exceptions.

I have been doing the same for the past few app certification cycles whenever new version comes in.

I believe I have answered your question with the approaches.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

View solution in original post

14 REPLIES 14

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎04-14-2025 02:40 AM

@Community Alums 

did you see any cross scope privilege error?

if yes then you need to allow that

If my response helped please mark it correct and close the thread so that it benefits future readers.

 

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron

‎04-14-2025 02:45 AM

@Community Alums 

you should create these 2 cross scope privilege records in your scoped app

Here in the screenshot I created custom app "01/23"

 

AnkurBawiskar_0-1744623918223.png

 

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Community Alums
Not applicable
In response to Ankur Bawiskar

‎04-14-2025 02:57 AM

@Ankur Bawiskar thanks for the reply, I already have those 2 cross-scope privileges covered:

 

TimDScott_0-1744624667268.png

 

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Community Alums

‎04-14-2025 03:02 AM

@Community Alums 

I believe since you are using GlideRecordSecure, system will check if from other scope you have write access to the individual fields as well such as name, source, topic, payload, agent, queue, state.

Did you try creating those 7 field level WRITE ACLs in your scope with your custom app role in it?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls