Not able to view incidents
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2024 03:19 AM
Hi,
User not able to view Security incidents. It is showing below message. Please help on this.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2024 03:22 AM
Hi @Shaik22 ,
It's because you're blocked / not allowed to see the security incidents. Either by ACL or by filtration rules.
If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.
best regards
Anders
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2024 03:26 AM
I checked in ACL but unable to find ACL. can you please share which ACL it would be.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2024 03:36 AM
Hi @Shaik22 ,
Please try to verify below (remember to change the instance to your own instance).
Data filtration rule: Data Filtration | ServiceNow (service-now.com)
For ACLs, you should filter on ACLs for the security incident response.
If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.
best regards
Anders
If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.
Best regards
Anders
Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2024 03:27 AM
Hi @Shaik22 ,
This is due to result of the way that ACLs are applied in the list. The current design is to first execute the query against the table and retrieve all records that meet the specified filter condition, then for each row on the current page any read ACLs are evaluated to verify if the current user is allowed to view the record. If the user is able to view the record it is displayed as a row in the list, however if the user is not permitted to view the record it is not displayed. If there are any row that were not displayed the count is displayed with the message "Number of rows removed from this list by Security constraints"
You will want to make sure that the users that you want to see the data has Read ACLs
Whatever users that have access to the platform, can get inside of the platform, they need a read ACL on the table that you are trying to read.
Also, the records are deleted from the table (on which the indicator/indicator source are running) after the snapshot capture for the defined period. Admin/Maint users see the error message for this reason.