Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Scheduled Reports with sn_vul_vulnerability table returning empty - ACL Issue?

Kerven
Giga Contributor

yesterday

Environment

  • ServiceNow Instance with Vulnerability Response module
  • User has roles: sn_vul.admin, report_admin, report_user, and other VR-related roles

Issue Description
I'm experiencing an issue where scheduled reports that include data from the sn_vul_vulnerability table are returning empty results, even though the same reports work perfectly when executed manually.


Scenario 1: Report using Task table as base

  • Configuration: Report using task table with filters that return records from multiple tables including VTASKs
  • Manual execution: Works correctly, returns VTASKs and other task records
  • Scheduled execution: VTASKs are missing from the Excel file sent via email, only other task types are included
  • Note: Tried "Run as" specific user with VR permissions, same result

Scenario 2: Report using sn_vul_vulnerability directly

  • Configuration: Report using sn_vul_vulnerability table directly
  • Manual execution: Works correctly, returns VTASK records
  • Scheduled execution: Excel file arrives completely empty via email

 

Investigation Done
I've already checked:

  1. ACLs: Found ACLs on sn_vul_vulnerability with scripts checking assignment_group and assigned_to
  2. Business Rules: Confirmed there are before query BRs but none seem to filter based on context
  3. User Permissions: User has all necessary VR roles (sn_vul.admin, sn_vul.read_all, etc.)
  4. Background Script Test: Confirmed that in non-interactive context (gs.isInteractive() = false), the query returns 888 records successfully

Questions

  1. Is this a known limitation of the Vulnerability Response module where scheduled reports cannot access VTASK data?
  2. Could the ACL script be causing issues in the reporting context (possibly during aggregation/joins)?
  3. Has anyone successfully configured scheduled reports that include sn_vul_vulnerability data?
  4. What would be the recommended approach to allow scheduled reports access to VR data while maintaining security?

Any guidance would be greatly appreciated!

0 Helpfuls
  • 130 Views
0 REPLIES 0