Controlling access of reporting on system tables

By default, the system prohibits using the vast majority of system tables (tables with a prefix of sys) as the table data source of reports.  This is for a variety of reasons, mainly due to the fact that most system tables are some of the target in the instance and reporting on such tables can have performance impacts on the instance.  The system tables that are, by default, set to prevent being used as a reporting data source include, but are not limited to, the following:

• sys_audit
• syslog_transaction
• sys_attachment
• sys_email
• syslog
• sys_history_line
• syslog_app_scope

However, in certain cases the need may arise to report on one or more of these system tables.  Alternatively, a system table may have been previously removed from said list and will need to be re-added to prevent it from appearing as a potential data source for creating reports.

This behavior is controlled by a specific system property with the name glide.ui.permitted_tables.  Any table name that begins with the three characters sys and is NOT in the list of values set for this property will thusly be unable to be selectable as a table name when a user is selecting a table as the source for any report.  This article will describe the steps needed to add or remove a table from this system property to allow or disallow reporting on that table.

1. Log in to the instance with an admin account.
2. Browse to the following location on the instance: System Properties > UI Properties.
   
   • The UI Properties page will appear.
3. Locate the property on the page with the heading List of system tables (beginning with "sys_", comma separated) that are reportable. By default, system tables are not reportable.
   
   
   The text field below the heading will contain a comma-delimited list of table names that, although they begin with the prefix sys can still be selectable as the table source for a report in the reporting interface.  Thus, any report name that is found in the list can still be selected to allow reporting.
   To add a new report to this list of allowable system tables for reporting, simply click in the text field and use the arrow keys to move the cursor to the end of the value that is currently shown in the field. After the last text which is currently already found in the field, add a comma and the exact name of the system table for which you want to allow reporting (i.e. ",sys_email").
   
   
   
   Similarly, to remove an existing table name in the field, locate the field name in the string and remove the full table name as well as the trailing comma.
   
   
   
   
4. Save your changes when you're done. There's a button at top of the form and another at the bottom.
5. Once these steps have been completed, the next time you go to the report module, the table list will reflect the changes to the system tables that are either added to or removed from the dropdown list.
   
   

As indicated previously, the built-in system tables can be quite large and reports on these tables can potentially cause performance issues or take a long time to render, thus caution should be exercised when modifying this list to ensure no issues are caused.  In addition, the audit-related tables can sometimes contain data that a user may not normally have access to, so care should also be taken when determining which tables or data from those tables might be viewed in a report by end-users.

This list of allowable system tables for reporting access is actually contained in a specific system property, with the steps above using a special properties page to update the value. The property could also be updated by accessing the sys_properties table directly and editing the value of the property with the name glide.ui.permitted_tables.

The following ServiceNow Docs site page gives additional information regarding the procedure to update this property as well as data regarding reporting on system tables: Reporting on System Tables