Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Security constraints prevent access to Report on Database View

Go to solution
andypollino
Mega Expert

‎07-19-2017 09:40 AM

Howdy folks,

I'm creating a report on a database view that I want to share with some ITIL users. The report looks great for me, but when I impersonate one of my users, I'm treated to the message "Security constraints prevent access to requested page."

I consulted this page:

http://wiki.servicenow.com/index.php?title=Database_Views#ACLs_and_Database_Views

and it was pretty uninformative since it didn't tell me which ACL I needed to create. I've now created a read ACL that allows ITIL users to read the following things:

1. sys_db_view

2. sys_db_view.*

3. task

4. task.*

5. cmdb_ci_server

6. cmdb_ci_server.*

7. sys_db_view_table

8. sys_db_view_table.*

9. sys_db_view_table_field

10. sys_db_view_table_field.*

My user still can't view the report (a db_view joining task and cmdb_ci_server, both of which he could already read). How do I fix this?

0 Helpfuls
  • 4,960 Views
1 ACCEPTED SOLUTION

Go to solution
neena_narayanan
ServiceNow Employee
ServiceNow Employee

‎07-19-2017 09:51 AM

Hi Andy,



Did you create a Read ACL for the database view itself? For example, if your database view is called "task_survey_detail", you will have to create a read ACL for task_survey_detail.


View solution in original post

3 REPLIES 3

Go to solution
neena_narayanan
ServiceNow Employee
ServiceNow Employee

‎07-19-2017 09:51 AM

Hi Andy,



Did you create a Read ACL for the database view itself? For example, if your database view is called "task_survey_detail", you will have to create a read ACL for task_survey_detail.


Go to solution
andypollino
Mega Expert
In response to neena_narayanan

‎07-19-2017 09:55 AM

Ahhhhh man. I didn't see my database view in the System Definition > Tables list, so I assumed it wasn't available for ACLs.



Thanks a bunch!!


0 Helpfuls

Go to solution
shruti_tyagi
ServiceNow Employee
ServiceNow Employee

‎07-19-2017 09:53 AM

Hi Andy,



Have you created ACL on the DB view itself?



Starting with Fuji, we are doing an additional tableLevelACLAllow() check when displaying a list. After upgrade, a non-admin user will not have access to database view records unless a read ACL is created directly on the database view (just like other tables).



ServiceNow KB: Database View records require read ACLs created for non-admin users after upgrade to ...



Thanks


Shruti


If the reply was informational, please like, mark as helpful or mark as correct!