Cannot create user groups from scoped application

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎02-24-2020 08:32 PM

At my scoped application I want to create user groups via a business rule. 

I checked  "create" and "update" at Table "sys_user_group":

find_real_file.png

 

And I added cross scope priviledges:

find_real_file.png

But it's still not possible to create user groups:

find_real_file.png

Does anyone have any idea what I might have forgotten?

 

Preview file
40 KB
Preview file
94 KB
Preview file
24 KB
Preview file
80 KB
Preview file
28 KB
0 Helpfuls
  • 3,289 Views
1 ACCEPTED SOLUTION

Go to solution
Maik Skoddow
Tera Patron
Tera Patron

‎02-25-2020 09:01 PM

Hi everyboy,

Thank you very much for your hints and the links to further information. I have learned a lot.

After refreshing my PDI and starting from scratch, it now works as intended. I have no idea what went wrong.

View solution in original post

0 Helpfuls
6 REPLIES 6

Go to solution
Sagar Pagar
Tera Patron

‎02-24-2020 09:00 PM

Hello Maik,

 

You need to set the "Allow configuration" check box to true it will work fine. "Allow configuration" restricts whether out-of-scope applications can create application files like Business rules, New fields, Client script and UI actions.

Refer this blog for information about A securing an application cross scope application.

Securing an application using Cross Scope Access, Application Access Settings & Restrict Table Choic...

 

You may also help this thread cross scope privileges denied by table cross scope.

 

Regards,

Sagar Pagar

The world works with ServiceNow

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Sagar Pagar

‎02-24-2020 09:43 PM

I'm afraid, that was not the right solution. I checked "Allow configuration", but I still cannot create user groups at my scoped application.

It's really frustrating!

0 Helpfuls

Go to solution
Sukraj Raikhraj
Kilo Sage

‎02-25-2020 05:24 AM

Hey Maik, I have seen similar issue in the past. The article that Sagar posted is helpful in resolving the issue:

Example of creating a Record in a Group Table:

 

Application access settings are different on each OOTB tables. For example, the default Group table allows another application scope Web Service access and Read access. However, other permissions are restricted. If a script attempts to perform an operation that is not allowed, admin users see a message:

Execute operation on API 'GlideRecord.insert' from scope 'CSA' was denied. The application 'CSA' must declare a cross scope access privilege. Please contact the application author to update their privilege requests.

Evaluator: com.glide.script.fencing.CrossScopeAccessNotAllowedException: Access to GlideRecord.insert from scope x_13241_csa not allowed

In the above case, "Can Create" checkbox has to be set to true to be able to create the records in Group table.

Go to solution
Maik Skoddow
Tera Patron
Tera Patron
In response to Sukraj Raikhraj

‎02-25-2020 09:19 AM

Hi Sukraj,

as you can see in the above screenshot, I have checked "Can Create" at sys_user_group, but it's still not working. 

0 Helpfuls