Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Filtering on principal class

Go to solution
KB15
Giga Guru

‎02-09-2021 09:53 AM

I'm trying to figure out what rights are needed for a non-admin to display principal classes.

From the CI table, there's a filter for principal classes. Would anyone know off hand what table/field access is required for a non-admin to show these records? Would it be a CMDB related role?

0 Helpfuls
  • 7,899 Views
1 ACCEPTED SOLUTION

Go to solution
GV Saranesh Kum
Kilo Guru

‎03-05-2021 10:07 PM

Create a Read ACL on the class cmdb_class_info to the desired roles as per your requirement, that should solve the issue.

OOB, there are no ACL's on cmdb_class_info, because of which it is stoppind non-admin users from accessing the records.

find_real_file.png

 

Please mark as correct Answer, if it resolves your issue.

 

Regards

Saranesh

 

View solution in original post

Preview file
65 KB
11 REPLIES 11

Go to solution
KB15
Giga Guru
In response to Brad Bowman

‎02-19-2021 02:06 PM

Yes, there are no warnings that there are restricted records.

The test setup is that we have a class of "IP Firewall" set as a "Principal Class" via CI Class Manager.

I go in and impersonate the user and use the preset class filter however nothing appears for him. I can manually select the class as "IP Firewall" and the records appear. So it doesn't appear to be a record visibility issue.

I see it fine as an admin via the filter. Would there be any fields to check or ACLs that could possibly prevent visibility from the filter?

I can see that there's a restriction of the cmdb_class_info table based on debug information but this ACL covers all tables without the admin role, I believe.

0 Helpfuls

Go to solution
Brad Bowman
Kilo Patron
Kilo Patron
In response to KB15

‎02-19-2021 03:20 PM

That is really weird - the non-admin can filter manually, but a similar script action yields no results.  With what the script include is doing, if they can't read the cmdb_class_info table, I guess that would make the filter fail.  Can this user see results with cmdb_class_info.list in the left nav?  If not, I can't really see a reason to restrict read access to cmdb_class_info for anyone, so you could try inactivating the ACL(s).

0 Helpfuls

Go to solution
GV Saranesh Kum
Kilo Guru

‎03-05-2021 10:07 PM

Create a Read ACL on the class cmdb_class_info to the desired roles as per your requirement, that should solve the issue.

OOB, there are no ACL's on cmdb_class_info, because of which it is stoppind non-admin users from accessing the records.

find_real_file.png

 

Please mark as correct Answer, if it resolves your issue.

 

Regards

Saranesh

 

Preview file
65 KB

Go to solution
KB15
Giga Guru
In response to GV Saranesh Kum

‎03-17-2021 06:38 AM

This seems to be the correct answer based on ServiceNow's response.

 

0 Helpfuls

Go to solution
peter_repan
Kilo Sage

‎03-16-2021 01:22 PM

Hi @KB 

did you solve it? I have the same issue. Is the ACL solution for that? 

 

In addition, maybe you also have an answer for my fresh question about principal class filter in reports? 

https://community.servicenow.com/community?id=community_question&sys_id=c9e4f9fbdb3e2c106621d9d96896199e

 

0 Helpfuls