- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2024 06:44 AM
I'm currently working through trying to grant more roles the ability to view the SLA Timeline UI Page. ServiceNow Docs say itil, sla_admin, and sla_manager are the roles required for viewing it, however we want to add a different role to it, say sn_customerservice_agent. IE: If they can see the SLA Timeline button, why not allow them to click it?
Anyway - I figured simple enough, I find the ACL to open up the permissions to it, no biggie.
Seems like this should be enough, now however when I go to the UI Page, I get this message instead of the typically ACL message.
Of course this to me looks like a Business Rule, Data Policy, or some sort of Script abort to UI Message for "User Not Authorized." I ran the trusty ol session debugger to see what may be causing this, and get largely a non-answer from the debugger. The best I get out of debugger is this line about the REST API Processor returning the "User Not Authorized"
Running the debugger logs side by side for a user that has access vs one that doesn't, outside of this and some additional processing after this step, there isn't much different that I can see.
I don't feel like it should be that complicated to get access to a UI Page for other users that can see all the relevant information on the report being displayed.
I feel like I'm missing something incredibly simple. Any thoughts?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2024 01:00 PM
Found the answer - The UI Page executes a GET API action on the /api/now/sla (internal SLA API) not table based.
So for future individuals - Will need to also add the role into the ACL here for SLA timeline specifically.
Thanks @Rajesh Chopade1 for the tip on the web dev tools, they helped point me in the direction on which API was failing ACL auth, but it does not show up in session debugger.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2024 07:04 AM
hi @Luke54
You've already added an ACL for the page. Ensure it allows the custom role (sn_customerservice_agent) to access the page.
The "User Not Authorized" message may indicate additional security checks. Investigate any Business Rules or scripts (e.g., UI Actions) that restrict access.
The REST API may be enforcing role restrictions beyond ACLs. Review relevant API scripts for role checks and modify accordingly.
thank you
rajesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2024 08:14 AM
In the debugger, it shows no business rules processing on a direct link to the page. So i'm bypassing any conditions in the UI Actions as well by going direct. Still get the no access rule.
I used studio to do a code search for the test "User Not Authorized" and didn't turn up anything useful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2024 08:22 AM
Open Browser Dev Tools and check the network tab to see if any server calls return a "403 Forbidden" or related status, which may provide insight into what's causing the block.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-20-2024 11:52 AM
Yes - got the 403 on this: