User can access table, but can't report on table

John Diaz · ‎08-09-2017

I have a user that has access to the cmdb_ci tables - read, write, create.... but when they go to try to run a report on the table, it doesn't show in the list. I went through all the ACLs, and there is nothing in there that would stop from from reading the data. Any ideas of what I could be missing? They also have all necessary roles to create and run their own reports.

I've tried to create a report myself, and share it with him. In that case, he can see the report and all the data, but it says 'due to security restraints, the report is read only' and he can't edit the report at all.

John Diaz · ‎08-09-2017

So i found the issue.

We had a report_on ACL on the * table (global) that was set to report_admin role. There were then report_on ACLs on Incident and Task tables that were set to itil. So this is why he was able to report on those tables (which is all he needed so far).

I created report_on ACLs set to the asset role on both the alm_asset and cmdb_ci tables, and now he can report on what he needs to.

Thank you everyone!

View solution in original post

Harsh Vardhan · ‎08-09-2017

this report belong to particular group or users. if it's then this user is a part of that.

have you shared this report?

shruti_tyagi · ‎08-09-2017

Hi John,

Did you checked the roles Harsh mentioned in his last update.

we have this write ACL on sys_report table, that only allow these cases to write reports:

A user may update his own reports and may update global reports if he has the report_global role.

He may update his groups' reports if he has the report_group role.

A user with report_admin role can update any kind of a report.

Here is the ACL:

https://<instance_name>.service-now.com/sys_security_acl.do?sys_id=8fe36cefc0a80165000e52530a8763d7

https://docs.servicenow.com/bundle/istanbul-performance-analytics-and-reporting/page/use/reporting/t...

Please let me know if this helps

Shruti