Why end user with snc_read_only role unable to add/edit/delete items in cart and create Request / Requested Item?Description Symptoms When an user is granted with snc_read_only role, he can create/write/delete items based on the tables setup in the following three system properties: glide.security.snc_read_only_role.tables.exempt_createglide.security.snc_read_only_role.tables.exempt_writeglide.security.snc_read_only_role.tables.exempt_delete Hence user has added the sc_request, sc_req_item tables to the above properties, but still user was unable to unable to add/edit/delete items in cart and create Request / Requested Item. Release Istanbul Cause Adding/Deleting/Editing cart, Creating request and requested item involves following tables as well apart from sc_request, sc_req_item, sc_cart, sc_cart_item, sc_item_option_mtom Resolution Adding these additional table "sc_cart, sc_cart_item, sc_item_option_mtom" along with sc_request, sc_req_item allowed the user with snc_read_only role to add/edit/delete items in cart and create Request / Requested Item. Hence the updated properties would look as below, glide.security.snc_read_only_role.tables.exempt_create = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart, sc_req_item, sc_request, sc_cart_item, sc_item_option_mtom glide.security.snc_read_only_role.tables.exempt_write = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart, sc_req_item, sc_request, sc_cart_item, sc_item_option_mtom glide.security.snc_read_only_role.tables.exempt_delete = sys_user_session, sysevent, syslog, syslog_transaction, sys_user_preference, sys_ui_list, sys_ui_list_element, sys_db_cache, user_multifactor_auth, sc_cart_item, sc_item_option_mtom NOTE: If you would like to test ordering catalog items via ATF, you must also add the sys_atf_test_result_step table to these properties. This is because the test step results will be written while the test runner is impersonating the snc_read_only user, and thus that user must be able to access these tables. Additional Information https://docs.servicenow.com/csh?topicname=c_ReadOnlyRole.html&version=latest