User criteria does not work properly for catalog items on the ESS portal in CMS (Content Management System)

Description

User criteria added to a catalog item is not respected when viewing the service catalog on the CMS ESS portal. There are two separate scenarios.

The first scenario occurs when a catalog item is a record producer and the content block in the catalog is a list. In this case, the catalog item has user criteria such as "user with itil role." The expected behavior is that a user with the itil role will see the item and a user without the itil role will not see the item. The actual behavior is that neither user sees the item. Additionally, any other item in the list is also not displayed, whether it has user criteria or not.

The second scenario occurs when a catalog item is in an iFrame content block. In this scenario, the user criteria is not respected at all and any user, whether they have the role or not, can view the item.

Steps to Reproduce

As a system administrator:

1. Navigate to Service Catalog > Catalog Definitions > User Criteria.
2. Click New.
3. In Name, type users with itil role
4. In Roles, specify itil
5. Click Submit.
6. Navigate to Service Catalog > Catalog Definitions > Maintain Items.
7. Find and open the record for Email Account.
8. In the Available For related list, click Edit.
9. Move users with itil role from the Collection list to the Available For Email Account list.
10. Click Save.
11. Navigate to User Administration > Users.
12. Open the record for Abel Tuter.
13. Ensure that Abel Tuter has no roles.
14. Continue to the next section.

As Abel Tuter:

1. Impersonate Abel Tuter.
2. Go to the ESS portal (type https://<yourinstancename>.service-now.com/ess/ into the browser address bar).
3. In Order Things, click Services.
   Note that Email Account is listed even though Abel Tuter does not fulfill the user criteria (he does not have the itil role).
4. Continue to the next section.

As a system administrator:

1. Stop impersonating Abel Tuter and log in as system administrator again.
2. Navigate to Service Catalog > Catalog Definitions > Record Producers.
3. Find and open the record for Emergency Change.
4. Ensure that the Active option is selected.
5. Next to Category, click the lookup list icon (magnifying glass).
6. Click New.
7. In Title, type emergency changes.
8. Click Submit.
9. Next to Category, click the information icon. The emergency changes record is displayed.
10. In the Available For related list, click Edit.
11. Move users with itil role from the Collection list to the Available For Email Account list.
12. Click Save.
13. Navigate to Content Management > Pages.
14. Find and open the record for Portal - Order Services.
15. In Related Links, click Edit Page.
16. Click Add Content > Content Blocks > New List.
17. Click Add here to add the list to the middle of the page.
18. Close the popup window.
19. Click Click here to configure the reusable List block:
    Name: services list
    Category: service catalog
    Type: list_simple
    Table: catalog item
    Query: category is emergency changes
20. Click Submit.
21. Still logged in as an admin user, go to the ESS portal.
22. In Order Things, click Services.
    Note that the list of emergency changes is displayed. This is expected behavior. There should be three changes listed: emergency change, database restore, and server reboot.
23. Leave the ESS portal.
24. Navigate to User Administration > Users.
25. Open the record for Abel Tuter.
26. In Roles, click Edit.
27. Move itil from the Collection list to the Roles List.
28. Click Submit.
29. Continue to the next section.

As Abel Tuter:

1. Impersonate Abel Tuter.
2. Go to the ESS portal.
3. In Order Things, click Services.
   Note that the list of three emergency changes is not displayed. All three changes should be displayed.

Workaround

There is no known workaround for this issue. If you are able to upgrade, review the Fixed In field below to determine the versions that have a permanent fix.

You can also subscribe to this known error article (click Subscribe button at the top of the article) to receive notifications when more information is available about this issue.

Related Problem: PRB668897