Post Washington Upgrade, not able to commit the Update set

kamana26
Tera Contributor

‎04-24-2024 01:14 PM

Post Upgrade to washington, we are unable to commit any update set. 
Receiving error as : Canceled update set commit because update set contains records that you have not been granted access to view because they are in a different scope

 

The update set is in global scope, and tested with both delegated developer as well as users without delegated_developer role added still same error. Is anyone facing the same issue post Washington Upgrade?

 

0 Helpfuls
  • 2,004 Views
10 REPLIES 10

kamana26
Tera Contributor
In response to AndrewP28184070

‎04-29-2024 10:46 AM

The cause of the issue is that the OOB write ACL on "sys_update_xml" has been modified. 
/sys_security_acl.do?sysparm_nostack=true&sys_id=c4d769f1c0a801641086e61b9cd21f76

 

We got a feedback from support that the ACL should be reverted to OOB. Check if it is relevant for your case too?

Unable to commit update set because of error: "Canceled update set commit because update set contain...

AndyvanStei
Tera Contributor
In response to AndrewP28184070

‎08-05-2024 01:08 AM

Any updates on this issue? We also have the issue for the role servicenow_deployer

 

0 Helpfuls

Matthew Fody
ServiceNow Employee
ServiceNow Employee

‎09-03-2024 10:59 PM

@kamana26 @AndyvanStei 

Where did you get the idea to use the delegated_developer or the servicenow_deployer roles to manage upgrade sets? Per documentation, users with the admin role should be the ones committing update sets.

0 Helpfuls

AndyvanStei
Tera Contributor
In response to Matthew Fody

‎09-04-2024 04:05 AM

The customer does not users to have admin role standard active on production. 

0 Helpfuls

Matthew Fody
ServiceNow Employee
ServiceNow Employee
In response to AndyvanStei

‎09-04-2024 04:29 PM

Totally agree with not wanting to give out admin role to regular users.

So using the role servicenow_deployer was your custom solution to give your customer the ability to handle update sets? Do you have an internal review process in place to make sure those update sets are not "out of bounds" when it comes to what they are changing?

Per the docs it seems like the recommended method is to give those users the "update set picker" abilit. Then once they have made the changes, an admin reviews the update set and applies it only after it is understood what was going to change and that there are no conflicts.

0 Helpfuls