I would like to know why users assigned the [approver_user] role can view the "sysapproval_approver"

bonsai
Mega Sage

I am checking the ACLs for the "sysapproval_approver" table, but I cannot find an ACL that grants read access when the "approver_user" role is assigned...

However, in reality, assigning the "approver_user" role allows access to the "sysapproval_approver" table.

Why is this happening? Is it not being controlled by an ACL?

3 REPLIES 3

Ankur Bawiskar
Tera Patron

@bonsai 

I could see this OOTB Table.None READ ACL and it has script

did you debug that?

AnkurBawiskar_0-1783608554580.png

 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader

It appears to be controlled by a Script Include named "ApprovalDelegationUtil," but I could not find the section of the script that evaluates "approver_user."

The logic seems designed to display only those records where an approval request has been sent to the current user.
However, in reality, users assigned as "approver_user" can also see the approval status of records assigned to others.

I would like to understand how this process actually works...

Sandeep Rajput
Tera Patron

@bonsai The role check is applied at the Module level. Only the users with role approver_user can see this module.

 

Screenshot 2026-07-09 at 9.38.30 PM.png