query range acl

Deepanshi1 · ‎05-19-2025

Part of the query on sn_shop_purchase_order has been ignored because of insufficient access for 'query_range' operation on sn_shop_purchase_order.supplier.legal_name

hi i am getting this error whenever i am impersonating the user and he is trying to search in header by supplier name.

pls help.

supplier name is coming from supplier table

J Siva · ‎05-19-2025

Hi @Deepanshi1
Create one custom field level "query_range" ACL as required on the sn_shop_purchase_order.
It'll resolve your issue. For more info check out the below blog.

https://www.ikconsulting.com/post/understanding-servicenow-s-may-2025-query-range-acl-update-what-you-need-to-know#:~:text=In%20May%202025%2C%20ServiceNow%20released%20a%20critical,unauthorized%20%E2%80%9Crange%E2%80%9D%20queries%20to%20retrieve%20sensitive%20information.

Regards,
Siva

Deepanshi1 · ‎05-23-2025

i tried it but didnt work

Anurag Tripathi · ‎05-19-2025

AS part of Query Range a number of query operations get blocked like CONTAINS, STARTSWITH etc

https://www.servicenow.com/docs/bundle/yokohama-platform-security/page/administer/contextual-securit...

So what you can do is create a parallel ACL (similar to what read ACL you have) and don't add the security Attribute. That should solve your issue.

PS. This was added buy SN to overcome a security threat. I don't know yet if my solution is SN approved or will open the instance to some vulnerability.

-Anurag

Deepanshi1 · ‎05-23-2025

it didnt work out.