Users on Watch List Can View Watched Incidents but not Watched Requests

ben_kahn
Kilo Expert

Hi all, I have a strange problem in my ServiceNow instance. When non-ITIL employee users try to look at Request Items they are on the watch list for, they see an error message stating "Security constraints prevent the display of this record".

 

I've only just taken up an admin role here as the previous person left recently. Can anyone point me in the right direction of troubleshooting this problem?

1 ACCEPTED SOLUTION

Subhajit1
Giga Guru

Hi Ben,


This is because your End Users (Non-ITIL) do not have Read Access to records on the Request Table.


You will have to create an Access Control to give Read Access on the Record Level to them when they are part of the Watch List.



Thanks,


Subhajit



9 REPLIES

Hey Adam, yes. You need to create a "write ACL" as well. Since you just want this write access to be on the comments field you have to make sure to set the ACL for sc_req_item.comments rather than the whole table. Here is the ACL I made:



[Screenshot: Screen Shot 2015-02-18 at 9.43.59 AM.png]


Note this allows comments from the requestor, creator, and Watch List (I think I copied this from the out of the box ACL that does this for the Incident table). You also need to set up a separate ACL that allows writing to this comments field when role = ITIL if you want ITIL users to continue to be able to comment on any requested item. Otherwise setting this specific ACL will stop anyone from commenting who isn't in the above categories (or an admin).



Hope that helps!


Thanks Ben that worked.


I've been using that script (current.watch_list.indexOf(gs.getUserID()) > -1;) in non-scoped applications for years. Now I have a scoped application that gives me this error.


"Method returned an object of type IdFunction which is not allowed in scope <application name here>"


Have you seen a solution to that?



TIA,


Cal


Did you ever get a solution for this, Cal?



Thanks


Clinton


Hey Clinton,



It's been a while, but I think you need to go to the Table that is in Scope and then go to the Application Access and add the Accessible from (all application scopes) plus the Can read, can create, can update, etc.



Thanks!


Cal
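
The watch-list test discussed in this thread, written as an added example that is not code from any poster or from ServiceNow's out-of-box ACLs: it converts the field to a string with toString() before using string methods and matches whole entries of the comma-separated list instead of a substring. The function names, the mock helpers, the sample record and the choice to also allow opened_by are assumptions made for illustration.

```javascript
// Added example: exact-match watch-list test for an ACL script on sc_req_item.
// Assumptions: the function names, the field()/session() mocks and the sample
// record are constructed here; opened_by and watch_list are the fields the
// ACL is assumed to check.

// Return the field's value as a plain string ('' when it is missing).
function asString(fieldValue) {
  return (fieldValue === null || fieldValue === undefined) ? '' : fieldValue.toString();
}

// True only when userId is a whole entry of the comma-separated watch list.
function isOnWatchList(watchList, userId) {
  if (!userId) { return false; }
  var entries = asString(watchList).split(',');
  for (var i = 0; i < entries.length; i++) {
    if (entries[i].trim() === userId) { return true; }
  }
  return false;
}

// Decision for the ACL: the user who opened the item, or anyone on its watch list.
function canAccessRequestedItem(current, gs) {
  var userId = asString(gs.getUserID());
  if (!userId) { return false; }   // never match an empty or missing user id
  if (asString(current.opened_by) === userId) { return true; }
  return isOnWatchList(current.watch_list, userId);
}

// Inside the ACL's script field the last statement would be:
//   answer = canAccessRequestedItem(current, gs);

// Constructed stand-ins so the logic can be exercised outside an instance.
function field(value) { return { toString: function () { return value; } }; }
function session(userId) { return { getUserID: function () { return userId; } }; }

var WATCHER = 'a1b2c3d4e5f60718293a4b5c6d7e8f90';   // constructed sys_id
var OPENER = '0f9e8d7c6b5a49382716f5e4d3c2b1a0';    // constructed sys_id
var OUTSIDER = 'ffffffffffffffffffffffffffffffff';  // constructed sys_id
var sampleItem = {
  opened_by: field(OPENER),
  watch_list: field('someone@example.com, ' + WATCHER)
};
```

As the thread notes for the comments field, a table-level or field-level ACL like this applies to everyone it matches, so role-based access for ITIL users needs its own ACL alongside it.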