Jon G Lind
ServiceNow Employee
ServiceNow Employee

If you've used Transform Data Brokers within UI Builder (UIB) you have likely encountered the error "ACL failed for databroker with no defined failure result." and "You don't have permission to select this data resource" immediately after creating a new data resource and adding it to your page.

 
If you've used Transform Data Brokers then you also probably know that you just need to create a special ACL to resolve this (name=Sys ID of your data Broker, type = "ux_data_broker", operation = "execute").
 
JonGLind_0-1669157710674.png

 

No big deal (except the fact that "name" is a drop down makes it a little messy).  However, you can make it much easier to track the ACLs back to their data brokers, and make it almost a one-click affair to create a new one with the addition of one record.
 

The Power of Relationships

That's right!  Just add a new relationship to show you existing UX Data Broker ACLs.  And thanks to a quirk (feature?) of how relationships work it will also allow you to use the "new" button (if you have elevated permissions set) to create new ones with a couple of clicks.

 

  1. Go to System Definition > Relationships and create "new".
  2. Configure it similar to the screen grab below:

Data Broker ACLs.jpg

3. Properties:

  1. Name: Data Broker ACLs
  2. Applies to Table: Simple Data Broker (sys_ux_data_broker_simple) NOTE: This will cause it to appear on the different types of data brokers which inherit from this type.
  3. Queries from Table: Access Control (sys_security_acl)
  4. Query With:
    (function refineQuery(current, parent) {
    	current.addQuery('name', parent.sys_id);
    	current.addQuery('type', '6d9c40e9531210101cb3ddeeff7b12f6'); // 'ux_data_broker'
    	current.addQuery('operation', 'execute');
    })(current, parent);​

4. Open a Data Broker Server Script (Transform) record in the old UI (sys_ux_data_broker_transform), click the hamburger and Configure > Related Lists.

5. Add your newly created "Data Broker ACLs" relationship.

 

You will now see a spot for ACLs in your related list.  You may not have one yet, but to get one all you have to do is click "New" (don't forget to elevate your role to security admin or you won't have the option).

 

Simply save the record, return to your data resource, and you'll see the ACL in the list.  You will also notice that the error in UIB resolves itself.

Comments
paul_mitchell
ServiceNow Employee
ServiceNow Employee

Thanks, very helpful.

WORKFLOW-COWBOY
ServiceNow Employee
ServiceNow Employee

Excellent advice!

Amarjeet Pal
Kilo Sage
Kilo Sage

Hello,

 

I was able to figure out this issue of your's "No big deal (except the fact that "name" is a drop down makes it a little messy)."

Click on blue arrow icon available

amarjeetpal1812_0-1685448615838.png

Boom you will get rid of name as dropdown

Vadzim Surin1
Tera Expert

Thanks Jon for the very detailed manual!

To add an ACL to your custom Data Broker Server Script you can use this simple script:

var ACLGr = new GlideRecord('sys_security_acl');
ACLGr.initialize();
ACLGr.name = 'abcdef63eb85c2d06056abcdefabcdef'; // custom data broker script sys_id
ACLGr.operation = 'execute';
ACLGr.type = '6d9c40e9531210101cb3ddeeff7b12f6'; // ux_data_broker
ACLGr.insert();

All you need to do - replace the sys_id for custom data broker sys_id.

DHARAVATR
Tera Explorer

DHARAVATR_0-1723864662408.png

@Jon G Lind t,  getting this error? help needed ..

rkrindges
Tera Contributor

If you are doing https://developer.servicenow.com/dev.do#!/reference/next-experience/vancouver/now-components/now-rec... and it is not working, trying to create the ACL. It worked for me!

Version history
Last update:
‎12-01-2022 03:28 PM
Updated by:
Contributors