Metric Table Security Access

Becky T_ · ‎02-28-2022

Hi Community!
We have run into an access issue. It occurs when a report viewer is attempting to drill down or view a list report that was built using the Metric [metric_instance] table. We built a database view using the Metric table and then a dashboard with reports using the same table. The end user can see the dashboard reports but, when they attempt to drill down into the report or view the list report, they get the following error.

Security constraints prevent access to requested page

The role required to create a Metric is metric_admin and obviously with this role you can view the data. However, we do not want to grant all users this role. Also, we're using HR Service Delivery and our users therefore do not have the ITIL role, nor do we want them to use that role.

As a test, we built a database view without using the metric table and the end user can see the dashboard, and report, drill into the detail and view list reports. So, the database view does not seem to be the issue.

Here is my question: Is writing a new ACL the only way to solve this security constraint? If so, is there a "standard" ACL that we can leverage to address this specific issue?

Sagar Agarwal · ‎02-28-2022

Hi Becky,

My recommendation would be to create a custom role and provide read access to the metric table to that role and add that role to the users who want to view the reports/database views using metric data.

This way a user would be able to view the drill-down data on the metric table, however, the cavitate to this is that the user would be able to read all metric data irrespective of which table that metric data belongs to.

Plus ServiceNow is also bringing something related to the Reports security caller "Report view ACL (RVAs)", which can have an effect related to reports moving forward.