Access Denied to AI Agent Studio after upgrading 'sn_aia' plugin

divyashah · 3 weeks ago

Hi Community,

I am currently facing an issue accessing the AI Agent Studio and hoping someone here might have encountered a similar situation or could point me in the right direction.

The Issue:

After recently upgrading the sn_aia plugin, I am unable to access the "Create and manage" section of the AI Agent Studio. When I attempt to load the page, I am blocked by the following error message:

"Security constraints prevent access to requested page"

Troubleshooting & Context:

I have verified my user profile and I currently hold the following roles, which should theoretically grant full access:

admin
sn_aia.admin
sn_aia.viewer

The issue only started appearing immediately after the plugin upgrade; prior to that, access was working as expected.

Screenshot of the error:

Questions:

Are there any new role requirements or ACL changes introduced in the latest version of sn_aia that I might be missing?
Has anyone else faced this "Security constraints" error specifically after an upgrade to the AI Agent Studio?
Are there any specific "fix scripts" or cache flushes required post-upgrade for this specific module?

Any leads or suggestions would be greatly appreciated!

Thanks in advance.

divyashah · 3 weeks ago

Hi @warren_chan and everyone,

I raised a case with ServiceNow Support and we have successfully resolved the issue. I wanted to share the solution here for anyone else facing this "Security constraints" error after upgrading.

The Root Cause:

This has been identified as a known defect (PRB1965167).

The issue stems from recent changes to the Now Assist Admin (NAA) Fulfiller SKU entitlements. These changes cause the ACL now.agent-studio.*/ux_route to fail at the script level because the function new sn_aia.AiAgentRuntimeUtil().hasValidLicense() incorrectly returns false.

The Solution:

To restore access, we applied the following workaround by updating a system property to bypass this specific fulfiller check.

Steps to resolve:

Change your application scope to Now Assist Admin Console.
Navigate to System Properties (sys_properties.list).
Search for the property: sn_nowassist_admin.ignoreFulfillerSubscriptionCheck
Set the Value to true.
Save the record.

Once this was updated, access to the "Create and manage" page in AI Agent Studio was immediately restored.

Thanks for the help!

Glad I could share the fix. If you found this useful, a Like is always appreciated!

View solution in original post

warren_chan · 3 weeks ago

Yes, this was one possible outcome. I will say that the "sn_nowassist_admin.ignoreFulfillerSubscriptionCheck" property shoudl be ServiceNow maint-level read/write only, so you likely won't see it yourself.