Why Can Users Without Roles See the “New” Button in Data Table Widget?

天宇石 · 3 hours ago

I’m using the widget-data-table in the Service Portal to display a list of Incidents.
However, users without any roles can still see the “New” button and are able to create new Incident records.

Why is this happening, and how can I fix it?

スクリーンショット 2026-03-16 174840.png

スクリーンショット 2026-03-16 174739.png

スクリーンショット 2026-03-16 174643.png

Tanushree Maiti · 3 hours ago

Hi @天宇石

Users without roles creating incidents often stems from missing Create Access Control Lists (ACLs) on the Incident table or unconfigured UI actions in Service Portal.

To restrict access, create a Create ACL on the incident table restricting access to snc_internal /itil roles as per your requirement.

Refer: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1443658

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

Ankur Bawiskar · 3 hours ago

@天宇石

the OOTB Table.None CREATE ACL on incident must be allowing access and hence NEW button is seen

Did you check by using Access Analyzer if that user has CREATE ACCESS or not?

Get the right access, faster: How Access Analyzer helps you work smarter

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader

suraj sengar · 2 hours ago

@天宇石

Users without roles can see the “New” button in the Service Portal Data Table widget because the widget does not enforce role checks by default — it simply mirrors the platform list view behavior. To fix this, you need to explicitly configure the widget to hide or disable the “New” button using the “Omit new button” option or by customizing user criteria/ACLs.

Why This Happens
The Data Table widget in Service Portal is designed to replicate the platform list view.

By default, the “New” button is visible to all users, regardless of roles, because the widget doesn’t automatically check ACLs or role restrictions.

This means even users without ITIL or other roles can click “New” and create records.

How to Fix It
Use the “Omit new button” option

In the widget configuration, enable Omit new button.

This removes the “New” button entirely from the Data Table view.

Users will then need to use the Service Catalog or other guided processes to create records.

Apply ACLs (Access Control Lists)

Ensure the create ACL on the Incident table requires the ITIL role (or whichever role you want).

This prevents unauthorized users from creating records, even if the button is visible.

Without ACLs, the button may still allow record creation.

Customize the Widget

If you want finer control, you can edit the widget’s client script or HTML template to hide the “New” button based on user roles.

Example: add a check for gs.hasRole('itil') before rendering the button.

Alternative Approach

Instead of exposing the Incident table directly, guide users through the Service Catalog.

This ensures they follow the proper request process rather than creating incidents directly.
Refer - https://www.servicenow.com/community/servicenow-ai-platform-blog/removing-the-new-button-from-servic...