Issue
Symptoms
State field does not display for Security Incidents for Non-Admin users when field is manipulated from Script Include which is in a scoped application
Release
All
Environment
Security Incident Response (com.snc.security_incident) plugin is activated
Cause
Field is manipulated from Script Include which is in application specific scope, but user user does not have execute operation access to client_callable_script_include Type ACL
Resolution
Add the User Role - ITIL to execute ACL of type:client_callable_script_include in the same scope.
Here is a link to the ACL, replace <instance_name> with the actual instance name:
https://<instance_name>.service-now.com/sys_security_acl_list.do?sysparm_query=operation.nameSTARTSWITHexecute%5EnameLIKEsecurity
Note: For the Security Incident scoped app, OOB ACL sys_id=196bd0450b2132008f9108e3c5673aee