Notifications

1265 views

Description

Dashboard shared with ITIL users isn't accessible to them though it is shared with users.

When a user tries to access the dashboard shared with him/her it shows the message as "Dashboard hasn't been shared with user". 

A variation of the same issue is also that the users are able to load the dashboard correctly, however, the widgets in the tabs do not load and show the spinner indefinitely. There are no errors in the browser console. 

 

Steps To Reproduce


1) Create a dashboard in a different scope not global. For eg: "Security Incident' scope or "Human Resources: Performance Analytics" scope. 

2) Share the dashboard with a user with a non-admin role.

3) Impersonate the user and try to access the dashboard that was shared. 

Result: The user sees a message that "the dashboard is not shared with you" or the variation of the issue that the widgets show a spinner and dashboard never loads. 

Cause

By default, when application administration is enabled for a scoped application, ACL rules for the scoped application are applied. 
If you want to allow your scope to access pa_dashboards, because there are already ACLs defined on pa_dashboards table but out of your scoped app, the solution would be to inherit those ACLs.
 
1) For reference: https://docs.servicenow.com/bundle/kingston-application-development/page/build/applications/concept/ACL-access-checks.html
 
2) Set the system property "glide.security.scoped_administration.honor_global_acl" to true
 
3) For each table that you want to access to, create a record in "sys_scoped_admin_acl_inheritance" table
 
- Make sure that you are logged in within the right scoped
 
- The user which is logged in is the admin of the scope
 
- Here is more about it: https://docs.servicenow.com/bundle/kingston-application-development/page/build/applications/task/inherit-global-acls.html 

Resolution

To correct the issue, a user can take the following steps. Required Roles: admin

1) Login to the instance as admin. 

2) Set the system property "glide.security.scoped_administration.honor_global_acl" to true.  In many cases this property is already set to true, so additional update is not necessary

3) Switch the scope to the scope where the dashboard is created in. The user should be that application administrator.

4) Navigate to list view for the table "sys_scoped_admin_acl_inheritance". https://<INSTANCE_NAME>.service-now.com/sys_scoped_admin_acl_inheritance_list.do 

5) Create a new record if not present already, select the table name as pa_dashboards. Submit. 

6) Create a new record for each of the following tables: Portal Page[sys_portal_page], Tabs[pa_tabs], Dashboard Permissions [pa_dashboards_permissions]

If reports have the same issue, after Step 4, create a new record for each of the following tables: Reports[sys_report], Report Users and Groups[sys_report_users_groups]

If you have non-responsive dashboards enabled on the instance, (See how to find if you have non-responsive dashboards) along with the steps and tables mentioned in Step 6, you might need to add another table Dashboard Tab [pa_m2m_dashboard_tabs]

 

 

Additional Information

**Note, these steps above are limited to the issue when loading a dashboard. If individual widgets on the dashboards are in the non-global scope, and the errors show while loading the widgets, additional settings might be needed. Please contact support for any additional questions/concerns. 

Article Information

Last Updated:2019-10-22 13:03:57
Published:2019-10-22