Symptoms

State field does not display for Security Incidents for Non-Admin users when field is manipulated from Script Include which is in a scoped application

Release

All

Environment

Security Incident Response (com.snc.security_incident) plugin is activated

Cause

Field is manipulated from Script Include which is in application specific scope, but user user does not have execute operation access to client_callable_script_include Type ACL

Resolution

Add the User Role - ITIL to execute ACL of type:client_callable_script_include in the same scope.

Here is a link to the ACL, replace <instance_name> with the actual instance name:

https://<instance_name>.service-now.com/sys_security_acl_list.do?sysparm_query=operation.nameSTARTSWITHexecute%5EnameLIKEsecurity 

Note: For the Security Incident scoped app, OOB ACL sys_id=196bd0450b2132008f9108e3c5673aee