REST Aggregate API returns "Insufficient rights to query records" for kb related tables


Description

The Aggregate API (api/now/stats/{table_name}) returns the below response even though the user has access to these records from the list view.

{
    "error": {
        "detail": "No permission to read table 'kb_knowledge'",
        "message": "Insufficient rights to query records"
    },
    "status": "failure"
}


Release or Environment

The PRB has been fixed in New York Patch 8 and higher, Orlando Patch 2 and higher, and all family versions from Paris and higher.

Cause

This is a known error reported in PRB1332230.

Resolution

To workaround this issue, you need create a table level read ACL for the affected table. For the kb_knowledge as an example, follow the below steps. 

  1. Login as admin.
  2. Elevate roles to security_admin.
  3. Go to sys_security_acl.list from the filter navigator. 
  4. Click on 'New' to create a new ACL.
  5. Set the values as below:
    1. Type: record
    2. Operation: read
    3. For the name, select kb_knowledge from the tables dropdown menu and 'None' from the fields dropdown menu.
    4. Under 'Required roles' list, add 'itil' role or the role that the affected users have.
  6. Save the record.