304 views

Description

When loading table schemas, ACLs with Script or Conditions incorrectly prevent users from seeing tables they can view through the UI.
 
Specific table schema url: https://<instancename>/incident.do?SCHEMA
Table List url: https://<instancename>/?SCHEMA

Steps to Reproduce

 

  1. Create an ODBC test user with soap and ITIL Admin roles.

    For more information, see the product documentation topic Creating an ODBC user.

  2. Use ODBC Interactive SQL to execute a query on incident table as ODBC test user.

    Results are returned.

  3. Close the interactive SQL.

  4. Impersonate an admin user.

  5. Navigate to /incident_list.do and configure ACLs on it.

    For more information, see the product documentation topic Create an ACL rule.

  6. Filter for read ACLs with advanced set to false.

    For more information, see the product documentation topic Access control list rules.

  7. Deactivate these ACLs.

  8. Use Interactive SQL to execute a query on incident table as the ODBC test user.

    For more information, see the product documentation topic Use interactive SQL with ODBC.

  9. Note that instead of returning results that satisfy the scripted read ACLs on the incident table, the following error message is displayed:

    [SN][ODBC ServiceNow driver][OpenAccess SDK SQL Engine]Cannot create schema.The table has not been found in the DB schema [tableName=incident]. The table might not exist in the database or the table ACLs prevent user access to it.

  10. On the instance, impersonate the ODBC test user and navigate to incident_list.do.

    The user can view the results that satisfy the scripted read ACLs on incident table.

 

Workaround

Modify or disable the ACLs that are preventing the user from seeing the table information.


Related Problem: PRB1096698

Seen In

There is no data to report.

Fixed In

Kingston

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2018-09-07 12:05:09
Published:2017-08-04