Transaction Log new ALC's with Yokohama

dbaril
Tera Expert

‎03-10-2025 06:01 AM - edited ‎03-10-2025 06:26 AM

We recently updated our sub-prod environments to yokohama-12-18-2024.  My admin account is now unable to view entries in the syslog_transaction table.  Entries are now blocked by 2 new read ACL's.  These ACL's contain a Security Access Condition that references attribute: UserIsAuthenticated, with condition: LoggedIn=true^ORAllowUnauthRolelessAcl=true.

 

What about this condition is preventing the admin role from viewing these records?

 

 

0 Helpfuls
  • 1,771 Views
9 REPLIES 9

AbinC
Tera Guru

‎09-14-2025 09:14 PM

HI @dbaril ,

you need   to update those ACLs to allow access.

 

if you found this answer helpful please do mark it as a soloution.

 

Thanks,

Abin chacko.

0 Helpfuls

Roy Wallimann
Tera Contributor

3 weeks ago

I had the same issue and the problem was, that the System Property "glide.security.admin.override.accessterm" didn't exist. Please follow the instructions from the following article:

Users with admin role DOES NOT pass ACL (access control lists) even Admin Overrides option is true

 

Issue

If there is a ACL (access control list) on any given field and the Admin Overrides option is true (selected), users with the admin role does not pass the permissions check for this ACL rule. 

 

Cause

 If there are number of ACLs on any given field and the Admin Overrides option is false (not selected) on one of them, then the effective admin overrides for all the ACLs are considered to be false. 

 

Resolution

The new property 'glide.security.admin.override.accessterm'  is introduced in ServiceNow releases Geneva & later to enable a fix for the situations that there are number of ACLs on any given field and the Admin Overrides option is false (not selected) on one of them. Default value is true for new instances, false for upgrades.

This system property forces ACL evaluation for admin overrides at the access level. 

Solution:

1) If this system property does not exist add to the system properties table with the following values:

Name: glide.security.admin.override.accessterm

Description: When it is set to true, it evaluates the admin overridable condition at access term level.

Type: true | false

Value: true

2) If the system property exists but has a value false, set the value true.

0 Helpfuls

AbinC
Tera Guru

3 weeks ago

Hi @dbaril ,

 

The new property 'glide.security.admin.override.accessterm'  is introduced in ServiceNow releases Geneva & later to enable a fix for the situations that there are number of ACLs on any given field and the Admin Overrides option is false (not selected) on one of them. Default value is true for new instances, false for upgrades.

This system property forces ACL evaluation for admin overrides at the access level. 

Solution:

1) If this system property does not exist add to the system properties table with the following values:

Name: glide.security.admin.override.accessterm

Description: When it is set to true, it evaluates the admin overridable condition at access term level.

Type: true | false

Value: true

2) If the system property exists but has a value false, set the value true.

 

Please do mark it as helpful if you found this helpful

 

Thanks,
Abin

0 Helpfuls

Roy Wallimann
Tera Contributor
In response to AbinC

3 weeks ago

Hi Abin

Why did you copy my resolution?

Regards,

Roy

GlideFather
Tera Patron
In response to Roy Wallimann

3 weeks ago

Hi @Roy Wallimann,

 

they are copying others, my own reply was also copied by them so I checked their other replies and this is the first thing what I saw...

 

Please help me to report them to the moderators.

GlideFather_0-1764756699456.png

 

My reply:

https://www.servicenow.com/community/training-and-certifications/while-transfer-of-my-previous-servi... 

_____
No AI was used in the writing of this post. Pure #GlideFather only