Report sharing settings "Restrict to Roles" not working

Dennis Ford · ‎10-18-2018

I have created a report and in the sharing settings I have selected the "Everyone" radio button and entered a specific role in "Requires Role". However, users are still seeing the report on the "All" tab when looking at the reports page. I was expecting that users would no longer see the report unless they had the role I entered in the sharing settings. Am I missing something? TIA

Dennis Ford · ‎12-19-2018

We opened a HI ticket for this issue and found that this would be an issue specific to HR users. There is an OOTB ACL on the sn_hr_core.basic that is granting access to all reports. ServiceNow will be fixing this as part of a PRB, and they have advised us we can disable the ACL as a workaround. I just wanted to provide this update in case anyone else runs across the same issue.

View solution in original post

Allen Andreas · ‎10-18-2018

Hi,

Can you please show a screenshot of what you've done. I know you've explained it already and yes...you're doing it the right way, that's the point of that field, but seeing it helps confirm things. Is it really the same report and not a duplicate? What role was it that you gave? Have you tried this with a different role? Did you add the role after the fact - like forgot to add the role, update the report, then went back and added it after? Have you cleared instance cache? typing cache.do in navigation?

Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Dennis Ford · ‎10-19-2018

Hi Allen,

Thanks for your reply. Based on your feedback, I tried a few things. The initial report I used was shared with Everyone without any role restrictions, and I later added the role. I created a second report and put the role in the sharing settings from the start before I first saved the report. I have tried using a different role and have cleared instance cache. For both the first and second report, the user can still see the reports even though he does not have the role on his user profile. Here are some screen shots.

Allen Andreas · ‎10-19-2018

So in my own Dev instance, I create a report. Not sharing or anything. No one could see it. I went back in to that same report, added sharing for everyone and chose admin role. I impersonated itil, they couldn't see it. I went back to that same report, removed admin and left it open to everyone. Went back to itil user and they could see it....

I'm on Kingston Patch 9. So it should work as we both think...

The only things left that I can think of is 1) When you add the role...after clicking sharing and everyone...are you actually saving the report? I know it sounds silly to ask that, but I have to ask...not just clicking ok to add the role...but then actually clicking save.

Then the other thing would be...did you change something with ACL's?

That's about all I've got....

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Dennis Ford · ‎10-19-2018

What you described as the behavior in your Dev instance is definitely how I expected to work. We are on Jakarta patch 9. I did click OK after adding the role and then saved the report. I am having one of our developers troubleshoot it now. I really appreciate your suggestions and you taking the time to look at this. I will reply back with what our developer finds.