Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

query range acl

Deepanshi1
Mega Guru

‎05-19-2025 04:54 AM

Part of the query on sn_shop_purchase_order has been ignored because of insufficient access for 'query_range' operation on sn_shop_purchase_order.supplier.legal_name

 

hi i am getting this error whenever i am impersonating the user and he is trying to search in header by supplier name.

pls help.

 

supplier name is coming from supplier table

0 Helpfuls
  • 2,870 Views
7 REPLIES 7

J Siva
Kilo Patron
Kilo Patron

‎05-19-2025 05:04 AM

Hi @Deepanshi1 
Create one custom field level "query_range" ACL as required on the sn_shop_purchase_order.
It'll resolve your issue. For more info check out the below blog.

https://www.ikconsulting.com/post/understanding-servicenow-s-may-2025-query-range-acl-update-what-you-need-to-know#:~:text=In%20May%202025%2C%20ServiceNow%20released%20a%20critical,unauthorized%20%E2%80%9Crange%E2%80%9D%20queries%20to%20retrieve%20sensitive%20information.


Regards,
Siva

0 Helpfuls

Deepanshi1
Mega Guru
In response to J Siva

‎05-23-2025 12:09 AM

i tried it but didnt work

0 Helpfuls

Anurag Tripathi
Mega Patron
Mega Patron

‎05-19-2025 09:32 AM

AS part of Query Range a number of query operations get blocked like CONTAINS, STARTSWITH etc

https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/contextual-securit...

 

So what you can do is create a parallel ACL (similar to what read ACL you have) and don't add the security Attribute. That should solve your issue. 

 PS. This was added buy SN to overcome a security threat. I don't know yet if my solution is SN approved or will open the instance to some vulnerability. 

-Anurag
0 Helpfuls

Deepanshi1
Mega Guru
In response to Anurag Tripathi

‎05-23-2025 12:12 AM

it didnt work out.

0 Helpfuls