Random "Restricted Caller Access Privilege" Customer Update Generated

Von Naval
Tera Contributor

‎02-01-2023 12:09 AM - edited ‎02-01-2023 05:27 AM

Hi. While I was creating an inbound action, event to fire a notifcation, and that notification, I noticed in my update set, a random customer update set was generated.

I have no idea what type this is, nor why is it pointing to the ACL table.

Anyone know what this is?

Inkedimage.jpg

image.png

0 Helpfuls
  • 4,778 Views
4 REPLIES 4

shivangi k
Kilo Sage

‎02-01-2023 12:36 AM

Hi @Von Naval,

 

Restricted caller access defines cross-scope access to applications. So, to set access for the entire application, or to pre-approve or deny future requests from a cross-scope script or application, you can create a record in the Restricted Caller Access Privileges [sys_restricted_caller_access] table.

 

Cross scope access allows administrators to manage out-of-scope access to application resources by creating a list of operations and runtime privileges that the application authorizes to run on the target instance.

 

So, if you are working on scope based application please check. This record may got created to provide access on scoped application.

 

Please mark helpful if it helped you.

Regards,

Vasantharajan N
Giga Sage
Giga Sage

‎02-01-2023 03:08 AM

This is because of the Cross-Scope access between the scoped application. In your case, your application (default ACL in Global scope on sys_email table) is trying to get read access on a table in another scope. Hence it's added automatically when you do the testing. 

 

You can refer to the link below to more about "Restricted Caller Access Privileges"

https://docs.servicenow.com/en-US/bundle/tokyo-application-development/page/build/applications/conce...


Thanks & Regards,
Vasanth
0 Helpfuls

Von Naval
Tera Contributor

‎02-01-2023 05:33 AM

Thank you @Vasantharajan N  and @shivangi k  for your insight, with that being said, if I considered getting rid of this record in the [sys_restricted_caller_access] table, will it affect whatever record that I was updating stop working?

I want to trace how did I manage to have this record.

The only possible outcomes I could think of based on the reference from you guys, is when I created an Event Registry or Notification whose table field is the [sys_email] table.

0 Helpfuls

shivangi k
Kilo Sage
In response to Von Naval

‎02-01-2023 05:39 AM

Hi @Von Naval ,

 

This record was created to provide you read access in sys_email tabel.

If you will delete this record you won't be able to read from data from sys_email table.

 

Please mark helpful if it helped you.

 

Regards,