User with delegated_developer role is unable to select update setsIssue <!-- div.margin { padding: 10px 40px 40px 30px; } table.tocTable { border: 1px solid; border-color: #e0e0e0; background-color: #fff; } .title { color: #d1232b; font-weight: normal; font-size: 28px; } h1 { color: #d1232b; font-weight: normal; font-size: 21px; margin-bottom: 5px; border-bottom-width: 2px; border-bottom-style: solid; border-bottom-color: #cccccc; } h2 { color: #646464; font-weight: bold; font-size: 18px; } h3 { color: #000000; font-weight: bold; font-size: 16px; } h4 { color: #666666; font-weight: bold; font-size: 15px; } h5 { color: #000000; font-weight: bold; font-size: 13px; } h6 { color: #000000; font-weight: bold; font-size:14px; } ul, ol { margin-left: 0; list-style-position: outside; } --> Overview Some delegated developers expect to be able to access update sets, once they are given permission to access Scoped Applications. When a user tries to access update set in scoped application, they do not have access to read/write/create update sets, or they are unable to select a specific update set. Define roles to use Update Set Picker 1. Log in as 'admin'2. If you have not done so already, grant the 'delegated_developer' user role read access to the Update Set table [sys_update_set]a) Navigate to System Security > Access Control (ACL)b) Filter by Name contains sys_update_setc) Open ACL for read, write, and created) Update section 'Requires role' to include: delegated_developer3. Navigate to System Properties table > add the system property: glide.ui.update_set_picker.role4. Set the value of glide.ui.update_set_picker.role to the role for which you want to give access,example: admin,delegated_developer Result:Enable users with 'delegated_developer' role to see the update set picker on the Settings panel. Example Steps to reproduce this behavior:1. Grant a user the role: delegated_developer- Follow this documentation to provide access permissions to Delegated Developer,https://docs.servicenow.com/csh?topicname=t_AddADeveloper.html&version=latest#developer-permissions Now, the user has access of that scoped application. It is a common request to give the user access to update sets as well. 2. Add the 'delegated_developer' role to ACLs for update set Read, Write, and Create access 3. Select an update set Result:Delegated developer is unable to select update set.Note:Additional security checks are in place to restrict access to users with the 'delegated_developer' role that prevents them from being able to create update sets. This has been introduced due to the fact that 'delegated_developer' role can be granted to users who are non-admins who are not developers. Deployment is often handled by another role/group. Additional Information Please find the documentation about deployment specific roles,https://docs.servicenow.com/csh?topicname=t_AddADeveloper.html&version=latest#d94111e395 This is mentioned in the Security Section of the Release notes,https://docs.servicenow.com/csh?topicname=platform-security-rn.html&version=latest Documentation to ensure the update set picker is available,https://docs.servicenow.com/csh?topicname=t_GrantAccessToTheUpdateSetPicker.html&version=latestIn the event that the update set picker shows "undefined" rather than showing list of active update sets, please refer to KB0744288 - User with delegated_developer role is unable to select update sets,https://support.servicenow.com/kb_view.do?sys_kb_id=0105c05ddbd03344fff8a345ca961928