Part of the query on sys_choice has been ignored because of insufficient access for 'query_match'

Go to solution
CharlieNZ
Tera Contributor

‎05-18-2025 01:29 PM

I hope this is the right place for this.

We have a user that has started getting these on each Incident they view:

Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.name
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.inactive
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.dependent_value
Part of the query on sys_choice has been ignored because of insufficient access for 'query_match' operation on sys_choice.element

charlesmeyer_0-1747600130406.png

 

We haven't made any changes to their account. The issue wasn't there a week ago. 

 

 

  • 2,802 Views
1 ACCEPTED SOLUTION

Go to solution
Konrad Mlodzik
Tera Expert
In response to CharlieNZ

‎05-20-2025 01:18 AM - edited ‎05-20-2025 01:39 AM

Hello @CharlieNZ 
My investigation shown that in fact, users didn't have read access to the field specified in the error message, visible in the below screenshot. All of that due to all sys_choice.* ACLs.

KonradMlodzik_0-1747728382087.png
My approach from here was to create sys_choice ACL for each of the fields that were prompted in error message, so in my case sys_choice.element and sys_choice.dependent_value.
I made them similar to the existing read ACL sys_choice.label.
Here you have an overview how I created that ACL:

KonradMlodzik_2-1747728919662.png


And as you can see here now in Access Analyzer, access is evaluated to true

KonradMlodzik_1-1747728858696.png

Try this approach with at least one of the fields from sys_choice that you have mentioned in yours error messages and see if the error still occurs. For me that works

If you can please mark that as helpful and that resolved your issue so that can help other visiting this thread 🙂

 

View solution in original post

15 REPLIES 15

Go to solution
phgdet
Mega Sage

‎05-18-2025 08:09 PM

Hi @CharlieNZ
There is an article that has quite the same error message you got. Maybe you need to update this property.

Name: glide.db.encoded_query.field_acl_error_msg

Type: true | false

Value: false

Go to solution
CharlieNZ
Tera Contributor
In response to phgdet

‎05-19-2025 02:25 PM

Thanks, this has hidden the messages. 

0 Helpfuls

Go to solution
Robert H
Mega Sage

‎05-18-2025 11:07 PM

Hello @CharlieNZ ,

 

Please check the ACLs on your instance. "query_match" is a new type of ACL that allows fine tuning what kind of queries users can perform.

 

RobertH_0-1747634710807.png

 

Based on the error message you seem to have such an ACL configured for the sys_choice table. So you would have to review the roles/conditions/scripts in that ACL to find out why that particular does not get matched by that ACL, and then either adjust the user's roles, or the ACL, or create an additional ACL with criteria that would let that user pass.

 

More details here.

 

Regards,

Robert

0 Helpfuls

Go to solution
CharlieNZ
Tera Contributor
In response to Robert H

‎05-19-2025 02:36 PM

When I look under ACL for query_match Operations, there is one listed:

CharlieNZ_0-1747690193816.png

CharlieNZ_1-1747690518705.png

 

 

Looking at the sys_choice table, there are no query_match operations listed.

CharlieNZ_2-1747690570884.png

 

 

0 Helpfuls