Error Message "Internal Server Error (500)" on HR Agent Workspace for HR users.Issue An error message pop-up displayed "Internal Server Error (500)" when opening the HR Agent Workspace.The error message seems to only show for HR agents who have an HR Case assigned to themselves. CauseThe issue can be caused by either Query Business Rule on sn_hr_core_case (or any of the tables extending from it) and/or a Read ACL on sn_hr_core_case.sys_updated_on preventing the user from being able to access the requested data. If the user doesn't have access to the records/fields, the "Internal Server Error (500)" error would be displayed. The logic behind the HR Workspace Landing Page calls the "Get Cards" REST Resource in Scripted REST Service "HR Landing Page Cards" (/api/sn_hr_ws/landing_page_cards)https://instance_name.service-now.com/sys_ws_definition.do?sys_id=5e3cfb0de7360010809a268b03f6a9e9Scripted REST Resource "Get Cards"https://instance_name.service-now.com/sys_ws_operation.do?sys_id=8a7c7f0de7360010809a268b03f6a9f0which calls Script Include "hr_WorkspaceLandingPageCards"https://instance_name.service-now.com/sys_script_include.do?sys_id=d82140dde7360010809a268b03f6a9e3 This and queries table "Landing Page Card List Configuration" [sn_hr_ws_landing_page_card_list_config]https://instance_name.service-now.com/sn_hr_ws_landing_page_card_list_config_list.do?sysparm_query=&sysparm_list_mode=grid If one (or more) of the cases returned by one of the above Card List Config records cannot be read because of a custom Query Business Rule, the error would be displayed. Even if there are no Query Business Rules involved, this 500 Error can still popup if the user does not have access to one of the fields listed in the _getCardFromRecord() method in Script Include "hr_WorkspaceLandingPageCards" _getCardFromRecord: function(record) { return { number: record.number.toString(), opened_at: new GlideDateTime(record.opened_at.toString()).getNumericValue(), sys_updated_on: new GlideDateTime(record.sys_updated_on.toString()).getNumericValue(), short_description: record.short_description.getDisplayValue(), priority: record.priority.getDisplayValue(), state: record.state.getDisplayValue(), table: record.getValue('sys_class_name'), id: record.sys_id.toString(), tags: this._getTags(record) };}, This script is using the number, opened_at, sys_updated_on, short_description, priority, state, sys_class_name, sys_id fields on the HR Case table. One of the most common causes for this issue is the existence of an obsolete OOB Read ACL on sn_hr_core_case.sys_updated_on. This ACL does not exist anymore in recent releases.ResolutionTo fix the issue, make sure that the following OOB Read ACLs are deactivated or deleted. These ACLs were created back in 2017 and do not exist anymore on instances created recently: sn_hr_core_case.assigned_tosn_hr_core_case.hr_servicesn_hr_core_case.numbersn_hr_core_case.opened_bysn_hr_core_case.short_descriptionsn_hr_core_case.statesn_hr_core_case.subject_personsn_hr_core_case.sys_updated_on https://instance_name.service-now.com/sys_security_acl_list.do?sysparm_query=nameINsn_hr_core_case.assigned_to%2Csn_hr_core_case.hr_service%2Csn_hr_core_case.number%2Csn_hr_core_case.opened_by%2Csn_hr_core_case.short_description%2Csn_hr_core_case.state%2Csn_hr_core_case.subject_person%2Csn_hr_core_case.sys_updated_on%5Eoperation%3Dread&sysparm_list_mode=grid Note that custom Read ACLs might also be involved and would need to be reviewed and updated accordingly to make sure all the agent workspace/case writer users will have access to the required fields.