Why Can Users Without Roles See the “New” Button in Data Table Widget?

天宇石 · ‎03-16-2026

I’m using the widget-data-table in the Service Portal to display a list of Incidents.
However, users without any roles can still see the “New” button and are able to create new Incident records.

Why is this happening, and how can I fix it?

スクリーンショット 2026-03-16 174840.png

スクリーンショット 2026-03-16 174739.png

スクリーンショット 2026-03-16 174643.png

Kapil Pawar · ‎03-18-2026

We faced a similar issue a few days ago, and based on that experience, we decided not to implement an ACL for this requirement. Instead, we added an alternative solution by hiding the action button on the List widget using CSS, as shown below:

.btn.btn-primary.btn-sm.m-l-xs.ng-scope {
display: none !important;
}

View solution in original post

Tanushree Maiti · ‎03-16-2026

Hi @天宇石

Users without roles creating incidents often stems from missing Create Access Control Lists (ACLs) on the Incident table or unconfigured UI actions in Service Portal.

To restrict access, create a Create ACL on the incident table restricting access to snc_internal /itil roles as per your requirement.

Refer: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1443658

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

Ankur Bawiskar · ‎03-16-2026

@天宇石

the OOTB Table.None CREATE ACL on incident must be allowing access and hence NEW button is seen

Did you check by using Access Analyzer if that user has CREATE ACCESS or not?

Get the right access, faster: How Access Analyzer helps you work smarter

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

Ankur Bawiskar · ‎03-16-2026

@天宇石

Hope you are doing good.

Did my reply answer your question?

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

天宇石 · ‎03-17-2026

@Ankur Bawiskar

In my instance, the snc_internal role is not included in the Requires role of the ACL you mentioned. It is still OOTB, and I haven’t modified anything.