We've updated the ServiceNow Community Code of Conduct, adding guidelines around AI usage, professionalism, and content violations. Read more

Flow Designer Cross Scope Access Error Scope does not have write access to sn_hr_le in Else Rejected

Pavankumarkp
Tera Contributor

2 hours ago

Hi Team,

I am currently working on an Employee Offboarding Flow in Flow Designer (HRSD module). The flow is triggered when an offboarding request is submitted and follows an approval process.

The Approved branch is working as expected, including record creation and updates. However, in the Else (Rejected) branch, I am trying to update a record in the table sn_hr_le_case, and I consistently receive the following error:

“Scope does not have write access to table sn_hr_le_case”

Some details:

  • Application scope: Custom scoped application

  • Table being updated: sn_hr_le_case

  • Action used: Update Record (Flow Designer)

  • Error occurs only in the Rejected (Else) branch

  • Other flows like Onboarding and Leave Automation are working with current roles

I would like to understand:

  1. Why is write access restricted specifically in this scenario?

  2. Is this due to cross-scope privileges between my custom app and the HR Core scope?

  3. Should I create a Cross Scope Access (Application Access) privilege explicitly?

  4. Is there a recommended best practice to handle updates to HR tables from a custom scoped Flow?

Any guidance on the correct and secure way to resolve this would be greatly appreciated.

Preview file
123 KB
Preview file
157 KB
Preview file
129 KB
0 Helpfuls
  • 70 Views
3 REPLIES 3

nayanmule
Kilo Sage

24m ago

@Pavankumarkp  , which scope are you using in the flow ? 

 

Check this KB article - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0854565

 

Thanks,

Nayan

0 Helpfuls

YashwanthV18760
Giga Guru

14m ago

Hii @Pavankumarkp 

 

This error happens because the flow is running from a custom application scope and trying to update a table (sn_hr_le_case) that belongs to the HR Core application scope. HR tables are protected, and by default they don’t allow write access from other scopes. That’s why it only fails in the Rejected branch — that’s the only place where your flow actually tries to update that HR table.

 

So the issue is not your logic or branch condition. It’s a cross-scope security restriction.

Here are the correct ways to fix it (recommended order):

 

Best Practice (Recommended)
Create a subflow inside the HR Core scope that performs the update, then call that subflow from your custom app flow. This is the standard approach because it keeps HR data access inside its own scope and follows platform security design.

 

Alternative
Create a Cross-Scope Access privilege allowing your app to write to sn_hr_le_case:
System Definition → Cross Scope Privileges → New → Target = sn_hr_le_case → Operation = write → Status = allowed.

 

In short: the failure is caused by scope isolation, not permissions or roles. HR tables are intentionally locked down, so the clean solution is to perform the update from within the HR scope (via subflow or action).

Hope this helps anyone else hitting the same issue.

0 Helpfuls

Ankur Bawiskar
Tera Patron

12m ago

@Pavankumarkp 

the error clearly says it's cross scope issue.

Seems you can't write that record of "sn_hr_le_case" from your custom scoped app

Define RCA for that table and they try

Restricted caller access privilege settings 

Also try to see if READ & WRITE access is allowed on that table from Table -> Application Access -> Accessible from All Scopes

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls