With the May 2025 security patch, you may start seeing an error while working with reference fields in ServiceNow:

"Part of the query on <tableName> has been ignored because of insufficient access for ‘query_range’ operation on <tableName.fieldName>."

This occurs when the system enforces the query_range access control on specific fields and the required ACL is missing or incompletely configured. While this is relatively easy to spot and fix on the platform or workspace, it becomes much less visible when working in Portals or with catalog items/record producers.

In the portal, you might notice that reference fields or dropdowns simply appear blank for users. Behind the scenes, the reference qualifiers are failing due to missing/incomplete query_range permissions—but there’s no direct error message shown on the UI page.

To identify the cause, refer to KB2130442, which outlines how to debug query_range errors specifically for portal interactions. Here’s a quick guide:

1. Open browser Developer Tools.

2. Go to the Network tab.

3. Click on the affected reference field in the portal.

4. Look for the Angular record API call.

5. Check the Response tab for errors like:

"Part of the query on <tableName> has been ignored because of insufficient access for ‘query_range’ operation on <tableName.fieldName>."

In my case, I created a query_range ACL for the relevant table and field, and granted access to the necessary roles. But it still didn’t work.

That’s when I turned to the Access Analyzer tool to get deeper insights. For those unfamiliar, Access Analyzer is an access diagnostic tool that helps you evaluate what permissions a user has on a resource—and why access might be denied.  You can install the Access Analyzer plugin in a non-production instance and run diagnostics easily.

Once the plugin is installed:

1. Navigate to Analyze Permissions.

2. Enter the user(which you were using on the portal), table name, field.

3. Additionally, you can also choose a specific record that the user should have access to

4. Run the analysis.

Open the query_range record -

The tool will highlight exactly which ACL is blocking the access, making it much easier to resolve the issue without

guesswork.

From there, you can take appropriate action—such as adding a query_range ACL with the necessary roles - and then re-run the test to validate the fix. Good luck!

Disclaimer: While Access Analyzer is a powerful diagnostic tool, it may not resolve all portal-related issues. For persistent or complex problems, it's recommended to raise a case with NOW Support for further assistance.