SLA Timeline - Permissions

Luke54
Tera Expert

I'm currently working through trying to grant more roles the ability to view the SLA Timeline UI Page. ServiceNow Docs say itil, sla_admin, and sla_manager are the roles required for viewing it; however, we want to add a different role to it, say sn_customerservice_agent. I.e., if they can see the SLA Timeline button, why not allow them to click it?

Anyway - I figured simple enough, I find the ACL to open up the permissions to it, no biggie.

Luke54_2-1726839336987.png

Seems like this should be enough; now, however, when I go to the UI Page, I get this message instead of the typical ACL message.

Luke54_0-1726838888357.png

Of course, this to me looks like a Business Rule, Data Policy, or some sort of script abort to UI Message for "User Not Authorized." I ran the trusty ol' session debugger to see what may be causing this, and got largely a non-answer from the debugger. The best I get out of the debugger is this line about the REST API Processor returning the "User Not Authorized":

Luke54_3-1726839757009.png

 

Running the debugger logs side by side for a user that has access vs one that doesn't, outside of this and some additional processing after this step, there isn't much different that I can see. 

 

I don't feel like it should be that complicated to get access to a UI Page for other users that can see all the relevant information on the report being displayed. 

 

I feel like I'm missing something incredibly simple. Any thoughts?

 

1 ACCEPTED SOLUTION

Found the answer - The UI Page executes a GET API action on the /api/now/sla (internal SLA API), not table based.

So for future individuals - Will need to also add the role into the ACL here for SLA timeline specifically.

Luke54_1-1726862371726.png

Thanks @Rajesh Chopade1 for the tip on the web dev tools, they helped point me in the direction on which API was failing ACL auth, but it does not show up in session debugger. 


6 REPLIES

Rajesh Chopade1
Mega Sage

Hi @Luke54

You've already added an ACL for the page. Ensure it allows the custom role (sn_customerservice_agent) to access the page.

The "User Not Authorized" message may indicate additional security checks. Investigate any Business Rules or scripts (e.g., UI Actions) that restrict access.

The REST API may be enforcing role restrictions beyond ACLs. Review relevant API scripts for role checks and modify accordingly.

 

thank you

rajesh

In the debugger, it shows no business rules processing on a direct link to the page. So I'm bypassing any conditions in the UI Actions as well by going direct. Still get the no access rule.

I used Studio to do a code search for the text "User Not Authorized" and didn't turn up anything useful.

Open Browser Dev Tools and check the network tab to see if any server calls return a "403 Forbidden" or related status, which may provide insight into what's causing the block.

Yes - got the 403 on this: 

Luke54_0-1726858332761.png
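
The network-tab check from this thread can be repeated offline on a HAR file exported from the browser dev tools. The following is an added example, not part of the original posts or of ServiceNow's code: it lists every request that came back 401/403 and collapses API paths to their root, so a denied endpoint such as /api/now/sla stands out even when the session debugger shows nothing. The HAR content, host name, page name and sub-paths are constructed placeholders.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

HOST = "https://instance.example.com"  # placeholder host, not a real instance

# Constructed HAR fragment (standard HAR layout: log.entries[].request/response).
# Only the /api/now/sla prefix comes from the thread; the rest is illustrative.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": HOST + "/example_page.do?sysparm_id=PLACEHOLDER"},
     "response": {"status": 200}},
    {"request": {"method": "GET", "url": HOST + "/api/now/sla/PLACEHOLDER?x=1"},
     "response": {"status": 403}},
    {"request": {"method": "GET", "url": HOST + "/api/now/table/task_sla?sysparm_limit=1"},
     "response": {"status": 200}},
    {"request": {"method": "GET", "url": HOST + "/api/now/sla/PLACEHOLDER?x=2"},
     "response": {"status": 403}},
]}})

DENIED = {401, 403}  # statuses that indicate an authentication/authorization failure


def api_root(path, depth=3):
    """Collapse /api/<namespace>/<api>/... to its first `depth` path segments."""
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[:depth])


def denied_requests(har_text):
    """Return (method, endpoint, status) for each denied request in a HAR export."""
    entries = json.loads(har_text).get("log", {}).get("entries", [])
    hits = []
    for entry in entries:
        status = entry.get("response", {}).get("status")
        if status not in DENIED:
            continue
        request = entry.get("request", {})
        path = urlsplit(request.get("url", "")).path
        # Group REST calls by API root; leave page/processor paths untouched.
        endpoint = api_root(path) if path.startswith("/api/") else path
        hits.append((request.get("method", "?"), endpoint, status))
    return hits


def summarize(har_text):
    """Count denied requests per (method, endpoint, status)."""
    return Counter(denied_requests(har_text))


if __name__ == "__main__":
    for (method, endpoint, status), count in summarize(SAMPLE_HAR).most_common():
        print(f"{status} {method} {endpoint} x{count}")
```

Each endpoint it reports is a candidate for its own access control, separate from the ACL on the UI Page itself.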