50 views

Description

Users without the admin role are unable to view CI relationship information in History Sets. The Read ACL for sys_history_line checks access based on access to the parent field. Because the CI relationship records do not contain this information, non-admin users are restricted from viewing that content.

 

Steps to Reproduce

  1. Log in as a user with the admin role.

  2. Access /cmdb_ci_computer.do and create a new record named TestComputer1.

  3. Access /cmdb_ci_computer.do and create a new record named TestComputer2.

  4. In the TestComputer 2 record, click '+' on the Related Items widget and add a CI Relationship.

  5. In the Suggested relationship types section, select Connects (Child).

  6. In the Configuration Items section, locate and check TestComputer1.

  7. In the Relationships section, click '+' to add the relationship.

  8. Click on Save and Exit to return to the TestComputer2 record.

  9. Access History > List and sort descending by Update number.

    Note that as an admin user, the relationship record is displayed in the History Set.

  10. Repeat these steps as a non-admin user.

    Note that the relationship record is not displayed

    The list may contain a message that one or more rows were removed due to security constraints

 

Workaround

If non-admin users need to have visibility to this content, tadd a new Read ACL for sys_history_line to grant access.
 

Related Problem: PRB692288

Seen In

Fuji Patch 12 Hot Fix 1
Fuji Patch 13 Hot Fix 1
Fuji Patch 3
Geneva Patch 4
Geneva Patch 7
Geneva Patch 8 Hot Fix 1
Helsinki Patch 0 Hot Fix 1
Helsinki Patch 1 Hot Fix 1
Helsinki Patch 3
Helsinki Patch 4

Intended Fix Version

Madrid

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-07-13 10:35:11
Published:2018-07-04