Users having Knowledge role should not able to edit Reports.

1_DipikaD
Kilo Sage

‎05-10-2026 08:18 AM

Hi All,

 

I have a requirement that users who have Knowledge role should not able to edit the report. They can view but should not able to edit a particular Report. Should I write ACL for this . I have tried to share the report to the people who have Knowledge role but they still able to edit the report. Please suggest.

 

Thank You

0 Helpfuls
  • 976 Views
2 REPLIES 2

pavani_paluri
Kilo Sage

‎05-10-2026 10:20 AM

Hi @1_DipikaD ,

 

You’re on the right track thinking about ACLs, because sharing a report only controls who can see it, not who can edit it. By default, if a user has the report_admin or similar permissions, they can still edit. The knowledge role itself doesn’t restrict report editing.

ACLs on the `sys_report` table:
Create a write ACL that denies users with the `knowledge` role from editing reports.
Keep the read ACL open so they can still view.
Always enforce restrictions at the ACL level, not just UI, so users can’t bypass it with direct URLs or API calls.

 

Mark it helpful if this helps you to understand. Accept solution if this give you the answer you're looking for
Kind Regards,
Pavani P
0 Helpfuls

Tanushree Maiti
Tera Patron

‎05-10-2026 10:40 AM - edited ‎05-10-2026 10:40 AM

Hi @1_DipikaD 

 

It can be done two ways .

1 Option A: Using ACL (Recommended)

  •  Navigate to your user profile and elevate to security_admin
  • Navigate System Security > Access Control (ACL) and click New.
  • details
    • Type: Record
    • Operation:Write
    • Name: sys_report 
  • Add Condition/Script:
    • In the Condition builder, add a condition that excludes the specific report 
    • like [Specific Report] AND [Users with Knowledge Role]
  • The user will be able to view the report, but the edit/save buttons will be disabled

 

  1. Option B: Using Before-update BR  to stop updates.
  • Create a Before Update Business Rule on the sys_report table.
  • Add condition like current.sys_id == '<Specific_Report_Sys_ID>' && gs.hasRole('knowledge')

(function executeRule(current, previous /*null when async*/) {

    gs.addErrorMessage("You do not have permission to edit this report.");

    current.setAbortAction(true);

})(current, previous);

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls