The CreatorCon Call for Content is officially open! Get started here.

ITIL user can't see few records.

abhisek
Tera Contributor

‎08-29-2025 03:33 AM

Hi All,

 

In the catalog item we have a reference field which refers to a custom table. The custom table has many records. Some are created manually, some are created through import set and transform map and some directly through the catalog item request submission. The custom table has 4 ACLs. ITIL user has read access and admin user has delete, create and write access. But the problem is, being admin when I am clicking on that reference field on the catalog item form, I can see all the records of that custom table but for itil users the records those were created through transform map and import set are not visible while clicking on the reference field.

 

Could you please help me out.

 

Thanks&Regards,

Abhisek Chattaraj.

0 Helpfuls
  • 1,218 Views
9 REPLIES 9

Shashank_Jain
Kilo Sage
In response to abhisek

‎08-30-2025 01:01 AM

@abhisek  , 

 

Check following :

  • You mentioned 4 ACLs exist on that custom table.

  • Check if one of the read ACLs has a script condition (e.g., only created_by == gs.getUserName() or role checks).

  • Imported records with sys_created_by = system won’t match → blocked.

  • Even if the table ACL allows read, field ACLs can hide the reference qualifier field.

  • Check whether the reference field on your catalog item is filtered by a condition on a field that the ITIL user cannot read.

  • Example: If your reference qualifier says active=true or u_status=xyz, and ITIL user doesn’t have read access to that field → the record is filtered out for them.

  • Does your instance has domain seperation?

 To debug properly

  • Impersonate the ITIL user.

  • Go to the catalog item → open the reference field → in a separate tab open System Security > Debug > Debug Security Rules.

  • Try to access one record that doesn’t appear.

  • You will see exactly which ACL denied read access and why.

Hope it helps!

 

If this works, please mark it as helpful/accepted — it keeps me motivated and helps others find solutions.
Shashank Jain
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

‎08-29-2025 05:00 AM

@abhisek  

so what debugging did you do?

is that itil user able to see when they directly navigate to table.LIST?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

abhisek
Tera Contributor
In response to Ankur Bawiskar

‎08-30-2025 12:36 AM

Hi @Ankur Bawiskar 

Thanks for your reply.

Yes, that itil user is able to see when they directly navigate to table.LIST

 

Thanks&Regards,

Abhisek Chattaraj.

0 Helpfuls

Shashank_Jain
Kilo Sage
In response to abhisek

‎08-30-2025 01:04 AM

@abhisek  ,

 

 

  • Open the catalog item.

  • Open the reference field

  • Pro tip: You can temporarily remove the reference qualifier to confirm it’s the culprit. If the ITIL user then sees all records in the reference field, you’ve nailed the issue.

Hope it helps!

 

If this works, please mark it as helpful/accepted — it keeps me motivated and helps others find solutions.
Shashank Jain
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to abhisek

‎08-31-2025 12:21 AM

@abhisek  

So what debugging did you do?

did you try use access analyzer?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls