- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-06-2025 01:25 PM - edited ‎08-06-2025 01:27 PM
Starting this morning, several people are having issues accessing the "My Work" link in ServiceNow. This is in the Self Service application and links to the task table with a dynamic filter to show work items for the logged in user. They're receiving the "Security constraints prevent access to requested page" error. The same behavior occurs when they try to access the Task table. I did some digging and figured out it was an ACL denying access. When I grant the sn_collab_request.basic_read role, it gives them the access they need. Has anyone else run into this issue? The only thing I can think of is that I updated the Collaborative Work Management application this morning, could that have caused the issue?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a month ago
support provided us the following workaround...
Issue:
Service Management My Work Giving Users Security Constraints Message
Steps to Reproduce:
1. My Work or My Groups Work under Service Management nav module
2. Users can also attempt to view task table
Most Probable Cause:
You are most probably hitting into this PRB: PRB1915184
Solution Proposed:
The workaround is to create the property
'glide.security.enable_detailed_table_level_acl_check'
.Set property
"glide.security.enable_detailed_table_level_acl_check"
to false to skip the detailed hierarchy checks for the initial table access decision. This will check the direct table for roles and security attributes to determine initial table access. READ operations on the records/fields will remain unaffected.for now. And, our dev team internally create a problem (i.e., PRB1915184) for permanent fix.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-06-2025 11:12 PM
You need to check on what you changed exactly (or what others changed). OOB the 'My work' link shows a list with a filter on the task table. If you get a 'security constraints...' message, that's always an ACL, but the role you mention is not (OOB) necessary to access those records.
Check on any changes/deletions/inserts on ACLs both on 'sys_security_acl' and 'sys_security_acl_role'.
I suspect something changed that is limiting the access and granting roles to go around that, shouldn't be the solution. You should update the change that limited access so it is not preventing it anymore, unless it was a change that was made for a reason but then somebody forgot to test it thoroughly.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-07-2025 05:25 AM
@Mark Manders I checked both those tables and there have been no recent changes. I'm baffled. The only thing that changed was some app updates. I ran security debugging and was able to find that an ACL was denying access to sn_collab_request_dev_collab_task. I don't understand why that would deny access to the parent table. I'm lost.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-07-2025 06:10 AM
Did you check the sys_update_xml table to see if anything else has been updated (also: check the deleted records for any deletions made).
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-07-2025 07:36 AM
@Mark Manders I cloned down to a sub prod instance to troubleshoot this. I removed the sn_collab_request.basic_read role from all users and impersonated them to test their access. The task table and the "My Work" module loaded up as normal. I'm still baffled.
