Repair SLA not working for non admin users. Repair modal shows loading, indefinitely. - Support and Troubleshooting

Repair SLA not working for non admin users. Repair modal shows loading, indefinitely. Issue Non admin users can't repair SLA (working for admin). When you click on the repair button and accept to continue, the pop up modal/window that appears which should show the progress of the repair shows loading and the repair doesn't start/complete.

Cause There's a read ACL on sys_execution_tracker that's executed when we try and get the Execution Tracker record. The ACL is failing because the username is too long for the field, so it's being cut off/truncated. (normal platform behaviour)

The read ACL on sys_execution_tracker uses the current user's user_name to compare it to the value within the sys_created_by as part of the read access test.

The long usernames of the affected users were being truncated to 40 characters which breaks the ACL when it should return true when testing canRead.

The user names are too long because the customer changed the user name max length on sys_user from the default 40 to 100.

Resolution There are scenarios where user names longer than 40 characters are required, and people would usually consider enlarging the OOB user_name field from 40 to a bigger number; however, doing so affects built-in system features like: system fields i.e. sys_created_by, sys_updated_by

The user name field OOB is 40 chars, which is the same as the sys_created_by/sys_updated_by fields. This is working as expected and there are no plans to change this.

See also: KB0621003 and KB0870001 for additional information on this.

See also community link for more info: https://community.servicenow.com/community?id=community_blog&sys_id=5eb2c5871b5a7bc0ada243f6fe4bcbd5

***

The customer in this scenario had changed the max length of the User ID field from the OOB 40 to 100 and this resulted in the ACL failing.

The read ACL on sys_execution_tracker uses the current user's user_name to compare it to the value within the sys_created_by as part of the read access test.

The long usernames of the affected users were being truncated to 40 characters which breaks the ACL when it should return true when testing canRead.

The customer had in excess of 900+ user names that were longer than 40 characters.

***As an alternate workaround in this scenario, we created a new READ ACL on the sys_execution_tracker table so that the OOB version doesn't block us.

We also added a condition that the Name must start with "Repair SLAs" before it allows access.

This fixed the issue for the customer