On a converted instance from Express to Enterprise, users who have the catalog_admin, catalog_editor, catalog_manager, or catalog roles are unable to access most of the modules of the Service Catalog application. Even after giving access to some of these modules, the users are still unable to access them due to ACLs on some of the tables.

Steps to Reproduce

  1. Open any instance converted from Express to Enterprise.

  2. Open the Service Catalog application record.

    Note that most of the modules that are children of this application have the admin role, preventing users with catalog roles from accessing these modules. Also, many ACLs on Service Catalog tables that give access to catalog, catalog_admin, catalog_manager, and catalog_editor roles have been disabled.




This list of modules provides the ACLs on Service Catalog tables and the differences these records have from the ones on Enterprise.
  • sys_app_application – As a workaround, add the roles that Enterprise has to sys_app_application.

     Name Roles on a converted instance Roles on Enterprise
    Service Catalogitilcatalog, itil, catalog_manager, catalog_editor


  • sys_app_module – As a workaround, add the roles available on the Enterprise to the application on a converted instance.

     Name Roles on a converted instance Roles on Enterprise
     Open records itil cataog, itil
     Requests itil catalog, itil
     Items itil catalog, itil
     Tasks itil catalog, itil
     Catalog  Definitions admin catalog_admin, catalog_manager, catalog_editor
     Maiantain  catalogs  admin catalog_admin
     Categories admin catalog_admin
     Catalog items  admin catalog_admin
     Content items admincatalog_admin 
     Order guidesadmincatalog_admin
     Record producers admincatalog_admin
    User criteriaadmin, catalog_adminuser_criteria_admin
    Execution plansitil_admincatalog_admin
    Catalog client scriptsadmincatalog_admin, catalog_manager, catalog_editor
    Catalog UI policiesadmincatalog_admin, catalog_manager, catalog_editor
    Catalog variablesadmincatalog_admin
    All variablesadmincatalog_admin
    Item varaiblesadmincatalog_admin
    Plan variablesadmincatalog_admin
    Variable setsadmincatalog_admin
    Mobile layoutadmincatalog_admin


  • sys_security_acl

    These ACLs are typically deactivated on conversion to prevent itil users and end users from seeing additional modules or tables. Workaround: Go through the ACLs and activate the ones that are necessary.

     ACL operation Roles sys_id
     item_option_new.* read catalog_manager, catalog_editor, catalog_adminnot specific, varies from instance to instance 
    item_option_new  read catalog_manager, catalog_editor, catalog_admin 8cd4fc1c371210008bf640ed9dbe5d0d
     sc_category_user_criteria_mtom read catalog_admin c5a56d02c3202100c8b837659bba8f7c
     sc_category_user_criteria_no_mtom read catalog_admin ae3ad602c3202100c8b837659bba8fab
     sc_cat_item_dt_approval.* read catalognot specific, varies from instance to instance
     sc_cat_item_user_criteria_mtom read catalog_admin e607a94367211200c4098c7942415a02
     sc_cat_item_user_criteria_no_mtom read catalog_admin a38a86c367211200c4098c7942415ae7
     sc_ordered_item_link read catalog_admin, catalog2b774e743791300054b6a3549dbe5d59
     sc_ordered_item_link.* read cataolog_admin, catalognot specific, varies from instance to instance
    sc_requestwritecatalog_admin, catalog80c95455c0a8016602a1b5cd8054ecbf
    sc_req_item.quantiitywritecatalog297c1e963732300054b6a3549dbe5dbc, b85048403703300054b6a3549dbe5d3e
    user_criteria.*readcatalog_manager, catalog_editornot specific, varies from instance to instance



Related Problem: PRB1171281

Seen In

There is no data to report.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2017-09-08 00:28:49