Live Message related errors

KritiSrivastava · ‎05-20-2024

Few of our users are seeing errors when working on instance. It is related to live_message. I also checked ACLs, not sure what has to be modified to resolve this. Or if there is some system property.

The error message is "Part of the query on live_message has been ignored because of read security rules on live_message.chat_message & Part of the query on live_message has been ignored because of read security rules on live_message.state".

Please help..

DChandlerKy · ‎07-11-2024

Aside from the KB article referenced in this post, here is what HI responded with:

As a part of Vancouver patch 7 and Washington patch , there was a feature added to plug a security risk where a user can query for data that they don't have explicit read access to. The error message seen in this task is because of the same feature. It is likely that the user does not have access to certain fields (the same one in the error message: "Part of the query "). This is therefore an expected error message.

There are 4 options to resolve this:
Option 1:
Allow the user read access to the field that gives the error message. A more specific role can be created with limited access should the customer choose to.

Option 2 [Washington Patch 3 and above]:
Disable this feature for the specific table. Create this System Property and set its value to true: disable_field_acl_enforcement.global=
For example: disable_field_acl_enforcement.global=live_message

Option 3 [Washington Patch 3 and above]:
Disable this feature for the specific field. Create this System Property and set its value to true: disable_field_acl_enforcement.global=.
For example: disable_field_acl_enforcement.global=live_message.chat_message

Option 4:[Before Washington Patch 3]

Disable this feature entirely for this instance. Create the following system property to prevent the errors from popping up.
Name : glide.db.encoded_query.field_acl_error_msg
Type : true | false
Value: false

I understand why we are getting the messages and I don't disagree with the logic in providing a secure environment. However, I don't agree with three of the options provided to "address" the errors (disabling acl enforcement.) Seems counter-intuitive to do that.
I am going to try creating a read ACL for itil users for the two specific fields.

LearnUseThrive · ‎07-11-2024

Here's how I fixed it:

Go to Search Experiences -> Search Applications. Find Now Experience Search Configuration and open it. It's in the Polaris app shell Application, but you'll need to be in global scope to perform the next step:

Delete Live Feed - Live Feed Messages from the Application Search Sources. If you're in Next Experience, Live Feed is not supported, so there should be nothing lost.

That's it. It shouldn't throw the error anymore after running a global search and opening a record, unless you've got it somewhere else in the Search Applications.

Matthew Frazier · ‎07-23-2024

This solved (I think) the final issues that we were having here.

Deactivating the Text Search Group didn't work. Deactivating the Search Source didn't work. Users in Next Experience were still seeing the error. (Even though the Search Source was disabled!)

Disassociating the Search Source from the Now Experience Search Configuration is what finally seems to have solved it.

And what a poor showing by ServiceNow in how they responded to this incident.

Vanessa H · ‎07-23-2024

Hey all!

Found this as I was looking up the error, and also found a cause that is relevant to our environment. You may want to review it if you are using Next Experience:

Using Live Feed (servicenow.com)

... "Important:

Core UI is required to use Live Feed. Live Feed is not supported in Next Experience. If you turn on Next Experience, Live Feed will no longer work. See Next Experience UI for more information."....

Cheers,

Vanessa