Vendor contacts are not able to see Vendor risk assessments on Vendor PortalIssue core_company is a shared table among multiple applications. Using table ACLs instead of field ACLs on core_company table, you can help ensure that access control is consistent and manageable across multiple applications. If a field ACL is added for roles that belongs to one application, it blocks other roles (vendor_contact in this case) from other applications. In general, field ACLs should be used sparingly and only when necessary. In addition, The correct roles on vendor contact should include snc_external and vendor_contact. A vendor contact is an external user and should not have any internal role.CauseWhen vendor contact tries to get a list of assessments through the the server side script on vendor portal's widget (svdp_assessment_list), the request includes to retrieve the name and sysId of the vendor (core_company record). However there are field READ ACLs on table core_company and they do not specify vendor_contact as an allowed role. Therefore the request to get a list of assessments has been blocked.ResolutionDisable all field Read ACLs on core_company table, like core_company.*, core_company.name.Make sure that vendor_contact contains snc_external role and vendor_contact role, does not contain any internal roles like snc_internal role.