Users with itil role are not able to access sys_history_set table

deepum
Giga Guru

Hello all,

 

I am facing an issue where a user has the itil role and that role is added to the glide.history.role property along with a few other roles. I have a read ACL on this table with the itil role added. Despite everything being in place, the user is not able to access the history. They can see the History option when they try to access it from the incident table (example table), but once they click it, it says "Security constraints prevent access to requested page".

Can anyone help/advise on this, please? Thank you!

1 ACCEPTED SOLUTION

deepum
Giga Guru

A HI ticket has been submitted for this issue.
This is not a product defect but a change since Vancouver Patch 6.
ServiceNow response is "By default, the List History option is available for the users with Admin role. To enable this option to non-admins, create a custom ACL rule granting read access to the Record History table"


10 REPLIES

Thank you for the response. But we are on the Utah version now. This looks good and easy to analyze.

Anything for the Utah version on what might be the issue?

Tony Chatfield1
Kilo Patron

Hi, this is OOB functionality and you should not need to add custom ACLs to the solution.
If you are sure glide.history.role is correctly configured as a comma-separated list with your required roles and the user(s) involved have the correct roles, then I would log a case with the Now Support team asking them to investigate.

- But first I would remove all customizations.

No custom ACL has been added. It was working fine till now. We are seeing this issue very recently.
Maybe I will log a case with ServiceNow.

I am facing the same issue.

Sumanth16
Kilo Patron

Hi @deepum ,

Please refer to the thread below:

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0724318

 

To change this list of roles who can view this history, the following steps should be performed on the instance:

1. First, the instance should be logged into with an account having admin rights to the instance.

2. Once logged into the instance with the appropriate access level, the System Navigator should be used to navigate to location: System Properties -> System.

3. The System Properties page will appear. The system property on the page should be located with the header "List of roles (comma-separated) that can access the history of a record."

In a new out-of-box system, this property will be prepopulated with the string itil, corresponding to the itil role on the system.

This field can then be populated with a comma-delimited list of role names that should be allowed to review the activity history list which is displayed within certain record types.

4. After adding the appropriate role name in the field, one of the two Save buttons on the form should be clicked to record the changes. One such Save button is on the upper right corner of the properties page form and another at the bottom of the page form.

Note that this will then allow members of the assigned roles to view the History Calendar view of the record by default.

5. In order to view the History -> List option, an Access Control (ACL) record associated to that menu option must be created on the instance; however, admin accounts have access to this History List by default. Thus, a new ACL record should be created for the sys_history_set table with the view Operation rights and with the roles who should have access populated in the Requires role list.

Once this ACL is in place, anyone in the selected roles should then be able to access both the Calendar History view and the History List for the selected record.

*Note that if a particular table is not configured to enable auditing, the History List option will not be found in the menu regardless of the user's permissions.

 

 

If I could help you with your Query then, please hit the Thumb Icon and mark it as Correct !!

 

Thanks & Regards,

Sumanth Meda