I have a list collector variable on a catalog item that is looking up records on the sys_dictionary table. There is a reference qualifier (name='cmdb_ci_business_app') to only show dictionary entries from the cmdb_ci_business_app table.

In the Service Portal, when non-admin users click on this variable, it shows "No matches found". I figured this was due to ACLs on the sys_dictionary table, so I disabled all other read ACLs, and added a new read ACL that has no role requirement, and has a condition Table | is | cmdb_ci_business_app.

End users can now see the fields on cmdb_ci_business_app on the list collector variable, but I have all these other OOB read ACLs on sys_dictionary that I had to disable in order to get mine to work.

I had to disable these because they are primarily role-based ACLs, and due to the nature of ACL order of execution, these are applied prior to the conditional ACL I created to allow all users read access. Is there any way I can allow all users to view the sys_dictionary records on the cmdb_ci_business_app table in this list collector variable without tampering with the OOB read ACLs?

Thanks!