The CreatorCon Call for Content is officially open! Get started here.

Outsourced Service Providers ACL issue

Pavel Jaworski
Tera Contributor

‎04-15-2024 01:05 AM

Hello,

we are experiencing an issue where Outsourced Service Providers agents (sn_csm_ocs.ext_agent role) randomly lose access to Case and Case Task records. 

It seems to happen randomly in production instance and I was not able to reproduce this on purpose in our sub production instances. 

 

When it happens, they are able to open a list with the records, but once they try to open any of them they get "security constraints prevent access to requested page". I was able to confirm this by impersonating them, and when it happens it affects all of the users setup as Outsourced Service Provider. 

But when I try to investigate this by turning on debug security feature and impersonate any of them, the issue gets resolved and they are able to see the records again.

 

Since I'm not able to reproduce it, ServiceNow support won't investigate this. Like I said, it seems to happen randomly, when it first happened, it took few weeks to happen again. Last week it happened two times. To me, it seems that it could be some cache issue, but I'm not sure.

 

Has anyone experienced similar behavior? 

0 Helpfuls
  • 469 Views
1 REPLY 1

Ratnakar7
Mega Sage

‎04-15-2024 01:53 AM

Hi @Pavel Jaworski ,

 

Here are some steps you can take to troubleshoot and potentially resolve the issue:

  1. Review ACL Configuration: Double-check the ACLs (Access Control Lists) configured for Case and Case Task records to ensure that the Outsourced Service Providers have the appropriate read access permissions. Make sure there are no conflicting ACLs or conditions that might inadvertently restrict access.

  2. Check Role Assignments: Verify that the sn_csm_ocs.ext_agent role is correctly assigned to the Outsourced Service Providers who need access to the Case and Case Task records. Ensure that there are no role assignments or group memberships that might conflict with or override the intended access permissions.

  3. Debug Security Logs: Enable debug logging for security-related activities in your ServiceNow instance. Monitor the security logs for any errors or warnings that might indicate issues with access control or permissions enforcement. This can provide valuable insights into what might be causing the access issues for the Outsourced Service Providers.

  4. Cache Management: Investigate whether caching mechanisms in ServiceNow could be contributing to the access issues. Check if there are any caching configurations or settings that might be affecting access control enforcement for the Outsourced Service Providers. You can try clearing the instance cache or flushing specific caches to see if it resolves the issue temporarily.

  5. Performance Analytics: Utilize ServiceNow's Performance Analytics capabilities to analyze user activity and access patterns. Look for any trends or anomalies in user access behavior that might coincide with the occurrences of the access issues for the Outsourced Service Providers. This can help identify potential triggers or underlying causes.

 

Thanks,

Ratnakar

0 Helpfuls