How can I make only one specific report read‑only for end users?

NowNinja727 · 3 weeks ago

Hi everyone,

I’m looking for guidance on restricting edits to a single report ....

We have a use case where one particular report should be read‑only for end users. The issue we’re seeing is that users often open the report, change the filter conditions, and re‑run it — which causes confusion because the data shown no longer matches the intended definition of the report.

The key requirement here is:

Only one specific report should be non‑editable
End users should still be able to view but not able to change the filter & run the report
But they should not be able to modify the filter conditions or save changes
Other reports must remain editable as usual

I’m exploring whether this can be achieved using ACLs without affecting other reports, or whether there is another recommended pattern for locking down a single report while keeping general reporting functionality intact for users.

Has anyone implemented a targeted “read‑only report” configuration like this?

Looking for best practices or potential ACL/scripted approaches.

Thanks in advance!

VaishnaviK3009 · 3 weeks ago

Hi @NowNinja727 !!

You can achieve this by using a UI Script targeting the Report Viewer page (report_viewer.do). Here’s the approach:

Create a UI Script in your instance:
- Navigate to System UI → UI Scripts

(function() {
  // Replace with the sys_id of the report you want to lock
  var lockedReportSysId = 'YOUR_REPORT_SYS_ID_HERE';

  window.addEventListener('load', function() {
    var urlParams = new URLSearchParams(window.location.search);
    var reportSysId = urlParams.get('sysparm_report');

    if (reportSysId === lockedReportSysId) {
      // Disable filter inputs
      var filterInputs = document.querySelectorAll('.filter-container input, .filter-container select');
      filterInputs.forEach(function(input) {
        input.disabled = true;
      });

      // Disable Save / Save As buttons
      var saveButtons = document.querySelectorAll('button.save-report, button.save-as-report');
      saveButtons.forEach(function(btn) {
        btn.disabled = true;
        // Or hide: btn.style.display = 'none';
      });
    }
  });
})();

How it works:
- Script detects the report by sys_id from the URL.
- If it’s the locked report:
  - Filter inputs are disabled.
  - Save buttons are disabled/hidden.
- Other reports remain editable as normal.
Notes:
- This works only on the Report Viewer page, not on forms.
- You may need to adjust CSS selectors (.filter-container, button.save-report) depending on your ServiceNow version.
- Optional: Combine with ACL on the report record to prevent server-side edits if needed.

Mark this as Helpful if it clarifies the issue.
Accept the solution if this answers your question.

Regards,
Vaishnavi
Associate Technical Consultant

Ankur Bawiskar · 3 weeks ago

@NowNinja727

you can create WRITE ACL on sys_report table

Condition: Name = Your Report Name

Advanced Script:

answer = false;

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader

NowNinja727 · 3 weeks ago

Thanks for the reply @Ankur Bawiskar , I tried but its not working still the end user can edit the filter & run the report , please see the below ACL configuration and let me know if anything is wrong in there, thanks>

Ankur Bawiskar · 3 weeks ago

@NowNinja727

share screenshot where user is able to edit the report filter condition?

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader