Not able to view incidents

Shaik22
Tera Expert

Hi,

 

User not able to view Security incidents. It is showing below message. Please help on this.

Shaik22_0-1713262763758.png

Thanks.

 

5 REPLIES 5

AndersBGS
Tera Patron
Tera Patron

Hi @Shaik22 ,

 

It's because you're blocked / not allowed to see the security incidents. Either by ACL or by filtration rules. 

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.

 

best regards

Anders

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

I checked in ACL but unable to find ACL. can you please share which ACL it would be.

Hi @Shaik22 ,

 

Please try to verify below (remember to change the instance to your own instance).

Data filtration rule: Data Filtration | ServiceNow (service-now.com)
For ACLs, you should filter on ACLs for the security incident response. 

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.

 

best regards

Anders

If my answer has helped with your question, please mark my answer as the accepted solution and give a thumbs up.

Best regards
Anders

Rising star 2024
MVP 2025
linkedIn: https://www.linkedin.com/in/andersskovbjerg/

Community Alums
Not applicable

Hi @Shaik22 ,

This is due to result of the way that ACLs are applied in the list. The current design is to first execute the query against the table and retrieve all records that meet the specified filter condition, then for each row on the current page any read ACLs are evaluated to verify if the current user is allowed to view the record. If the user is able to view the record it is displayed as a row in the list, however if the user is not permitted to view the record it is not displayed. If there are any row that were not displayed the count is displayed with the message "Number of rows removed from this list by Security constraints"

You will want to make sure that the users that you want to see the data has Read ACLs

Whatever users that have access to the platform, can get inside of the platform, they need a read ACL on the table that you are trying to read.

Also, the records are deleted from the table (on which the indicator/indicator source are running) after the snapshot capture for the defined period. Admin/Maint users see the error message for this reason.