Unable to upload file due to security restrictions error while importing update set from XML

Savita1 · ‎04-18-2018

Hi,

I am trying to give the test user the roles to do all the functionalities of the update set. Through the ACL I have given the read,write and create permission on the sys_update_set , sys_remote_update_set and sys_update_xml. But while uploading the XML file in the " Retrieved Update Set" I am getting the error "Unable to upload file due to security restrictions". I have elevated the roles of the test user to "security admin" also.

Can someone please help me on this. Is there any other table on which I need to provide the roles through ACL?

mike_s · ‎04-18-2019

I received a similar error when trying to allow a certain role to import XML files on a certain table. I came across this post that had a solution that worked:

https://community.servicenow.com/community?id=community_question&sys_id=7c374b29db1cdbc01dcaf3231f96...

The solution is to add a property (sys_properties) called glide.ui.security.upload.roles. In the value field, include the roles you would like to be allowed to upload XMLs. You don't need to add 'admin', just the other roles that you want to grant this permission to.

This will not show the import XML option on context menus for the roles you entered. This just simply allows those roles to import XML to tables that they have access to do so.

For our case, we updated contenxt menus to show the import XML option where need be for the new role. Added that role to the property. The users with that role were able to upload to tables that they can create/write to, but not to tables where they don't have access to.

PriyaRanji · ‎05-19-2020

Hello,

Please check your role contains any read-only role, if "yes" please remove that role and try again.It happens when the clone down happens from prod. And in case if you have some read only role in prod while clone it appears in lower instances and cause this issue.

In such case, even if you have admin role, it will not work [please remove read-only role if any]

Let me know if it didn't helps you out.

Thanks,

Priyanka R

Deeksh · ‎07-06-2025

Yes, the error you're encountering, “Unable to upload file due to security restrictions,” is often caused by hidden role restrictions that override your elevated permissions.

From what you've described, you've already:

Granted read, write, and create access on sys_update_set, sys_remote_update_set, and sys_update_xml tables
Elevated the user's role to security_admin

However, one common blocker is the snc_read_only role, which can be inherited through group membership and silently restrict file uploads, even when security_admin is active.

Solution:

Go to the affected user’s profile.
Check their roles and see if snc_read_only is present.
If it is:

Check whether it's been granted directly or through group membership.
If it's inherited through a group (e.g., FSM Read-Only Group), click the "Role Inheritance Map" reference record link to trace which group assigned it.
Remove the user from that group.
If assigned directly, remove the role using the Edit button in the user’s role list.
After removing the role, elevate the security_admin role again, and retry uploading the update set.

This exact issue happened to me—removing the snc_read_only role (which I had inherited from the FSM Read-Only Group) resolved the error immediately. Make sure to double-check all group memberships and role inheritance paths.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" or " Helpful." This action benefits both the community and me.

Regards
Deeksh A C
ServiceNow Tech-Developer
LinkedIn: https://www.linkedin.com/in/deeksh-servicenow/
****************************************************************************************************************