Access Denied to AI Agent Studio after upgrading 'sn_aia' plugin

divyashah · yesterday

Hi Community,

I am currently facing an issue accessing the AI Agent Studio and hoping someone here might have encountered a similar situation or could point me in the right direction.

The Issue:

After recently upgrading the sn_aia plugin, I am unable to access the "Create and manage" section of the AI Agent Studio. When I attempt to load the page, I am blocked by the following error message:

"Security constraints prevent access to requested page"

Troubleshooting & Context:

I have verified my user profile and I currently hold the following roles, which should theoretically grant full access:

admin
sn_aia.admin
sn_aia.viewer

The issue only started appearing immediately after the plugin upgrade; prior to that, access was working as expected.

Screenshot of the error:

Questions:

Are there any new role requirements or ACL changes introduced in the latest version of sn_aia that I might be missing?
Has anyone else faced this "Security constraints" error specifically after an upgrade to the AI Agent Studio?
Are there any specific "fix scripts" or cache flushes required post-upgrade for this specific module?

Any leads or suggestions would be greatly appreciated!

Thanks in advance.

divyashah · 3 hours ago

Hi @warren_chan and everyone,

I raised a case with ServiceNow Support and we have successfully resolved the issue. I wanted to share the solution here for anyone else facing this "Security constraints" error after upgrading.

The Root Cause:

This has been identified as a known defect (PRB1965167).

The issue stems from recent changes to the Now Assist Admin (NAA) Fulfiller SKU entitlements. These changes cause the ACL now.agent-studio.*/ux_route to fail at the script level because the function new sn_aia.AiAgentRuntimeUtil().hasValidLicense() incorrectly returns false.

The Solution:

To restore access, we applied the following workaround by updating a system property to bypass this specific fulfiller check.

Steps to resolve:

Change your application scope to Now Assist Admin Console.
Navigate to System Properties (sys_properties.list).
Search for the property: sn_nowassist_admin.ignoreFulfillerSubscriptionCheck
Set the Value to true.
Save the record.

Once this was updated, access to the "Create and manage" page in AI Agent Studio was immediately restored.

Thanks for the help!

Glad I could share the fix. If you found this useful, a Like is always appreciated!

View solution in original post

warren_chan · yesterday

Try upgrading the following apps to latest:

Now Assist for Platform

Now Assist Admin Console

Depending on what version you are coming from and to, there are a few possibilities. We did merge some SKUs in Now Assist, and there are now baseline Generative AI features that are available without a Now Assist entitlement.

divyashah · yesterday

Hi @warren_chan,

Thank you for the suggestion.

I have gone ahead and repaired/verified that we are on the versions mentioned for those applications, but unfortunately, the "Security constraints" issue persists.

Current Plugin Versions:

Now Assist for Platform: 10.0.3
Now Assist Admin Console: 7.0.12

Instance Build:

We are currently on the Zurich release:

glide-zurich-07-01-2025__patch4-11-14-2025

Since the plugins are up to date and I have the correct roles (sn_aia.admin, admin, sn._aia.viewer), is there anything else I should check regarding ACLs or properties that might have shifted with the SKU merge you mentioned?

Any further guidance would be helpful.

Thanks!

warren_chan · yesterday

Check your skipped records table [sys_upgrade_history_log] for any unmerged conflicts in the following app scopes:

Now Assist AI Agents [sn_aia]

Now Assist for Platform [sn_genai_platform]

You'll want to prioritize any conflicts that are security, script, or UX-related. Revert any artifacts to OOB/baseline if possible.

If this doesn't get you anywhere, then you may consider opening a Support case to verify your instance entitlements to Now Assist.

divyashah · 3 hours ago