Is it Possible to restrict the list of tables that appear in the reporting tables in the Reporting Module

Go to solution
kagarwni
Kilo Expert

‎05-04-2016 06:28 AM

We are trying to restrict reporting for a user to limited tables .

The 2 solutions could be :

1. Hiding the tables to appear from the reporting list

2. Ensuring that no data appears eventhough the not-needed table is selected.

Also, am trying to understand difference between an ACL on sys_report and report_view.

Any leads regarding this will help a lot.

Release : Eureka

Regards

Nitin

0 Helpfuls
  • 4,996 Views
1 ACCEPTED SOLUTION

Go to solution
robpickering
ServiceNow Employee
ServiceNow Employee
In response to kagarwni

‎05-11-2016 08:31 AM

Just chiming in to help clarify.   "report_on" isn't a role, it's an ACL operation (like create, read, write, delete).


You will only need an explicit report_on ACL for tables on which you wish to CREATE new reports.


You can modify an existing report, and users will be able to see all tables on which they have READ access.


Per the wiki:


  • Users can still run published (global) reports against tables for which they have read rights, even if they cannot create reports.
  • System tables are not reportable by default. To allow reporting against system tables, administrators can configure the glide.ui.permitted_tables property. To learn more, see Reporting on System Tables.
  • The default ACL report_on operation gives access to report on the target table, any associated database view, and archived version of the target table.


OOB ITIL users can create reports on an enormous number of tables.   You can restrict these by adding a report_on ACL that provides a test condition (say a custom role) that fails.   If there's a specific table that you're seeing that you don't think you should, let us know what it is and we should be able to help you figure out why it's showing up.


View solution in original post

11 REPLIES 11

Go to solution
robpickering
ServiceNow Employee
ServiceNow Employee

‎10-20-2017 07:07 AM

That's correct, and by removing it, you've enabled anyone who has read access to the table to report on it.


If you wish to restrict access to the table for reporting purposes, even though users have read access to it, then you need the ACL enabled.


You will then need to create a role that has "report_on", in order to then GRANT access to the table to people who still need to report on it.   If you don't do this, then no one will be able to report on the table with the ACL enabled.



-Rob


0 Helpfuls

Go to solution
Jerry20
Tera Contributor

‎10-20-2017 07:17 AM

Thanks for getting back to me so soon. I thought by making it inactive it would remove it form the list.   I added a role that only four of have and that solved my issue. No other user can access this table.  


0 Helpfuls