can view bar graph but cannot view list

Go to solution
Don Tanner
Kilo Expert

‎04-05-2017 03:32 PM

While an ITIL user is viewing a  bar graph report, of Incident SLA [incident_sla], she wants to drill down to the detail but cannot.  She also cannot change from Bar to List.  Both actions get the error "Security constraints prevent access to requested page"

I am sure there is an ACL somewhere, I just don't know where to look.

Thanx in advance!!

Don

Labels:
0 Helpfuls
  • 1,854 Views
1 ACCEPTED SOLUTION

Go to solution
johnolivermendo
ServiceNow Employee
ServiceNow Employee
In response to Don Tanner

‎04-06-2017 10:49 AM

Hey Don,



Thank you for providing the screen shots. They were very helpful in seeing your issue. In this case it appears that your ITIL user is getting a security constraint message due to the simple fact that they don't have read access to the incident_sla table. If you check your ACL table (sys_security_acl) you will see that there is no acl for the incident_sla and so your users get a default deny when trying to access that list view in the report.



The fix would be to create a new read ACL for the incident_sla table and add itil role to it.



Let me know if that works for you and mark this comment accordingly if it was helpful.



Thank you


View solution in original post

8 REPLIES 8

Go to solution
johnolivermendo
ServiceNow Employee
ServiceNow Employee
In response to Don Tanner

‎04-06-2017 10:49 AM

Hey Don,



Thank you for providing the screen shots. They were very helpful in seeing your issue. In this case it appears that your ITIL user is getting a security constraint message due to the simple fact that they don't have read access to the incident_sla table. If you check your ACL table (sys_security_acl) you will see that there is no acl for the incident_sla and so your users get a default deny when trying to access that list view in the report.



The fix would be to create a new read ACL for the incident_sla table and add itil role to it.



Let me know if that works for you and mark this comment accordingly if it was helpful.



Thank you


Go to solution
Naresh27
Tera Guru

‎04-05-2017 03:58 PM

Yes what John referred you is right,


adding to it to understand the reporting roles go through Reporting roles   from ServiceNow Documentation. it tells you the roles associated in reporting module for user to edit/read



Please hit Like or Helpful depend upon the level of response.


Go to solution
Mwatkins
ServiceNow Employee
ServiceNow Employee

‎04-06-2017 12:34 PM

What happens if the user tries to access the same list of SLA records via the normal UI? Is it just the report that is getting blocked or does the user get blocked through the normal UI too? If they get blocked in both cases then it is an ACL issue. Otherwise it might be a report permissions issue. If it is an ACL issue then turn on Security Debug: Access control rules debug



The UI for the Security Debug is very user friendly and has links to the specific ACL's that are failing.


0 Helpfuls

Go to solution
johnolivermendo
ServiceNow Employee
ServiceNow Employee
In response to Mwatkins

‎04-06-2017 01:46 PM

Hey Matt,



I was able to reproduce his issue on my test instance and found it to be an ACL issue. Thanks for mentioning the ACL debug tool, that is what I actually used to help him with this issue.



Thanks


0 Helpfuls