Non-role (ESS) users are not able to see group (sys_user_group) records - Support and Troubleshooting

Non-role (ESS) users are not able to see group (sys_user_group) records Issue  Symptoms Non-role (ESS) users are not able to see group (sys_user_group) records when trying to select a group from any fields or variables that reference the group (sys_user_group) table.

Release All releases

Cause The users are failing the table level read ACL on sys_user_group table.

The OOB ACL: /sys_security_acl.do?sys_id=811f2ddec0a801666be07f00f34794c7

Resolution The OOB ACL checks for:

If the group has the admin role attached to it. If yes, then only users with admin role can view that group If the group has the security_admin role attached to it. If yes, then only users with security_admin role can view that group Otherwise, if the group doesn't have any of the roles above and if the user has any roles in the instance then grant that user read access to the group record The OOB ACL can be modified as appropriate to grant non-role users access, or a new similar ACL can be created altogether for the same requirement.

Additional Information Access control list rules