CMDB Query Builder - how to use query result in a shared report

Marc Halleux
Mega Expert

Hi,

I got the request from a user to create a complex report using relationship between CI in the CMDB.

I decided to use the CMDB Query Builder and was able to generate the expected result. Then I followed the following doc page to create a report out of it - https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/product/configuration-management....

I shared that report with the itil user who requested it. But when the user tries to access that report, the result is empty.

Obviously this ITIL user has the role - cmdb_query_builder_read and cmdb_query_builder.

Is this the right way to generate/share such a report?

BR

Marcus

 

1 ACCEPTED SOLUTION

This is still an issue when sharing reports to users. Creating a query and having a report that is created by the user and can view isn't the problem. The problem is when I want to share the report to another user or users, they cannot see the data within the report, but can view and open the report. The user has itil role and confirmed cmdb_query_builder and cmdb_query_read roles.

Looking at the read ACL for the table cmdb_qb_result_base indicates that only the user that created the query can view the results in the report. Modifying this script allowed other users to view the data and the sharing of the report was controlled by the report module instead. 


After following the KB mentioned above and the docs pages on sharing a report, the user was still only able to view the report but no data. The documentation does not indicate that the data is only visible to the original creator. As the CMDB is being leveraged more, it has been increasingly popular to create more complex relational type queries and report on them. It is very common for a report to be shared with other users.

I have modified the script above in the read ACL of cmdb_qb_result_base table so that other users can view the data of the report.

12 REPLIES

Brandon, would you be willing to share your modified code? We may need to make a similar modification.

Thanks,

Claire

Hello Claire,

I am not sure about Brandon's solution, but for my use case it was sufficient to change the ACL script to the following:

// Read ACL script on cmdb_qb_result_base: deny unless a relationship is readable.
answer = false;
var fields = current.getFields();
for (var i = 0; i < fields.size(); i++) {
    var fieldName = fields.get(i).getName();
    // Only the relationship reference columns of the result row are checked.
    if (fieldName.startsWith("u_rel_")) {
        var val = current.getValue(fieldName);
        var rel = new GlideRecord('cmdb_rel_ci');
        if (rel.get(val)) {
            // Can the user read cmdb_rel_ci records?
            var canRead = rel.canRead();
            // Overwritten on every matching field, so the last one decides.
            answer = canRead;
        }
    }
}

 

I agree with the comments from Brandon, Leed and Claire. This is just poor design. Why would only the query builder be able to view the results of a report? It should follow the security rules defined by the report itself.
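The ACL script posted above assigns answer inside the loop, so on a result row with several u_rel_ columns the last resolvable relationship decides the outcome. The following added example (not code from the thread or from ServiceNow) runs that decision next to a fail-closed variant under plain Node.js; makeRelLookup, makeRow, relRefs, lastWins, allReadable and the sample sys_ids are constructed for illustration, and requiring every relationship to be readable is an assumed policy.

```javascript
// Constructed stand-in for GlideRecord('cmdb_rel_ci'); store maps sys_id -> readable.
function makeRelLookup(store) {
  return function MockGlideRecord(table) {
    let readable; // undefined until get() resolves a record
    return {
      get(sysId) { readable = table === 'cmdb_rel_ci' ? store[sysId] : undefined; return readable !== undefined; },
      canRead() { return readable === true; },
    };
  };
}

// Constructed stand-in for `current`, one cmdb_qb_result_base row.
function makeRow(values) {
  const names = Object.keys(values);
  return {
    getFields: () => ({ size: () => names.length, get: (i) => ({ getName: () => names[i] }) }),
    getValue: (name) => values[name],
  };
}

// Collect the populated u_rel_* reference values of a row.
function relRefs(current) {
  const refs = [];
  const fields = current.getFields();
  for (let i = 0; i < fields.size(); i++) {
    const name = fields.get(i).getName();
    if (name.startsWith('u_rel_') && current.getValue(name)) refs.push(current.getValue(name));
  }
  return refs;
}

// Same decision as the posted script: each resolvable reference overwrites the answer.
function lastWins(current, GlideRecord) {
  let answer = false;
  for (const ref of relRefs(current)) {
    const rel = new GlideRecord('cmdb_rel_ci');
    if (rel.get(ref)) answer = rel.canRead();
  }
  return answer;
}

// Fail-closed variant (assumed policy): every reference must resolve and be readable.
function allReadable(current, GlideRecord) {
  const refs = relRefs(current);
  return refs.length > 0 && refs.every((ref) => {
    const rel = new GlideRecord('cmdb_rel_ci');
    return rel.get(ref) && rel.canRead();
  });
}
```

In a real ACL the body of allReadable would assign to answer and use the platform's GlideRecord instead of the mock.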

Jha
Kilo Contributor

Hello Team,

As checked, I am not able to find any KA using the below link. Kindly advise.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0795985

 

Hello,

Yep, it says "Knowledge record not found". But I found KB0868465 that basically says "working as designed". Until you modify the ACL script, only you will be able to see the results.

BR

Marek