Make report data visible to all users irrespective of user roles - Support and Troubleshooting

Make report data visible to all users irrespective of user roles Summary The ask is to make all records in a report visible to all users irrespective of their assigned roles.

Ex: Create a report with name 'read_all'

User A(Admin role) should be able to see all records in the report 'read_all' (Say, User A is seeing 50 records)

User B(ITIL role) should be able to see all records in the report 'read_all' (User B should also able to see 50 records)

Instructions Please follow the below steps to witness this behaviour. Below steps are replicated for the table 'incident'

Hop into your OOTB instance with default [maint,admin,itil] role. Navigate to View / Run and create a report 'read_all' on table 'incident' Save the report and Run the report. Note the number of records displayed when you run the report. Go to Share Settings and share the report to 'Everyone'. No need to provide any role for 'Everyone'. Leave the role field as blank. Save the report. Navigate to ACL Create a new ACL by clicking on New Type -> Record Operation -> Read Name -> Incident (table) Leave remaining fields as default Do not add any role (Under Requires Role) for this ACL Submit the ACL Now impersonate to any other non-admin role user (itil role user) Navigate to sys_report.list and search for the report 'read_all' Impersonated user should be able to all the records. The record count of admin user should be same as impersonated user. Related Links 1. Sharing by user, group, or role, is the primary method of sharing reports. You can use access control lists (ACLs) to control access to the underlying table or database view data. Users are able to view reports when the user does not have access rights to a data record in a data source or source table of a report. However, they are not able to see that record in a list view or in a drill-down view. Database-view-list reports require the reporting user to satisfy ACLs on the target data to view records in the list. Users without sufficient permissions see filtered list reports.

https://docs.servicenow.com/csh?topicname=c_DistributeReports.html&version=latest

2. ACLs for a table do not propagate to database views based on that table. Database views require separate ACLs.

3. Creating an ACL with no roles may impact security and integrity of the records

4. It is always a best practise to implement this solution first in SUB-PROD and notice the behaviour for at least few days with multiple users