How many times business users complained about the report access in a dashboard? Hmm… at least, I heard this multiple times in different projects. There are couple of reasons that business users unable to access reports even though they have the right permissions to the Dashboard. One of the major and frequently noticed issue is Access to this content denied based on report_view ACLs.
What is the reason behind getting this message? Well, the error message itself explains that the report on the dashboard doesn’t have proper access. For an example, “Open Incidents by Category” report generated on Incident table and added to “Incident Management” dashboard. Both dashboard and reports are shared to a business user who has only “itil” role, on the incident table “report_view” acl applied with “itil_admin” role. However, business user doesn’t have “itil_admin” role. In this case, when user try to access the dashboard, under that specific report ‘Access to this content denied based on report_view ACLs’ message can be displayed
Before Rome version, as an admin or implementor we need to debug the issue and identify which ACL and what role is causing this issue and manually add the role/group to the business users who reported the issue.
We must repeat the same process again and again, each time a user reports this issue and there is no track and easy way to overcome this issue.
After Rome release, a cool new feature Request Access is enabled so that users can see the display ‘Access to this content denied based on report_view ACLs’ message along with a actionable button called “Request Access”
When user clicks on the button, a new request record can be created in Report Access Requests (sys_report_access_request) table. This request can be approved/reject by the Report Access Request Approvers (default group created by system from Rome release) group members.
Here are the steps and process of Report Access Requests functionality
User submitting the access request
After the request submission and before the approval/rejection.
Report Access Requests: Group members will get notified, whenever a request is submitted.
Verify the Request and take appropriate action (Approve/Reject)
If Approves, the required roles can be added to the requestor and can view the report data.
If Rejects, “Access denied” message can be displayed.
If no users added to the Report Access Request Approvers group, “Request for access could not be created, please contact your administrator” message can be displayed.
Note: User’s do not receive a notification that an approver has granted or denied access.
For more details refer ServiceNow Docs.
