Domain picker on Software Asset Workspace shows "Error: Could not load domain configurations."Issue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Domain picker on Software Asset Workspace shows "Error: Could not load domain configurations.", where "domain configurations" is the label of the "domain" table. The user will be able to list at least their own domain in a normal list view, showing record level APIs are not the issue:https://<instance>.service-now.com/domain_list.do The Browser debug's Javascript console will also show a 403 status error for this rest request, which is to the REST Table API, for the domain table. The instance appnode localhost log will show the error "RESTAPIProcessor : User Not Authorized" and "response_status:403": 1534434 /api/now/table/domainPage: api/now/table/domainQuery Count: 2Complete: falseDebug: false12:10:59.160 TIME = 0:00:00.000 PATH = processor/RESTAPIProcessor/execute CONTEXT = RESTAPIProcessor App: Global RC = true RULE =12:10:59.160 #1534434 [REST API] RESTAPIProcessor : User Not Authorized12:10:59.161 *** End #1534434 /api/now/table/domain, user: <sam admin user>, impersonated by: <admin user>, total time: 0:00:00.000, processing time: 0:00:00.000, CPU time: 0:00:00.000, SQL time: 0:00:00.001 (count: 2), ACL time: 0:00:00.001, source: 10.59.21.134, type: rest , method:null, api_name:null, resource:null, version:null, user_id:xxxx, response_status:403 Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Domain Separation environments Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } The instance has probably been hardened by activating the REST Endpoint ACL for the Table API. This is an out-of-box ACL, but is inactive by default. https://<instance>.service-now.com/sys_security_acl.do?sys_id=9ef8bc918733320025fbd1a936cb0bddName:Role required: snc_platform_rest_api_access If this is active, and the user does not have the snc_platform_rest_api_access role, the Software Asset Workspace can't get the list of domains due to that ACL blocking it. Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } span { font-size: 12pt; font-family: Lato; color: var(--now-color--text-primary, #000000); } h2 { font-size: 24pt; font-family: Lato; color: var(--now-color--text-primary, black); } h3 { font-size: 18pt; font-family: Lato; color: var(--now-color--text-primary, black); } h4 { font-size: 14pt; font-family: Lato; color: var(--now-color--text-primary, black); } a { font-size: 12pt; font-family: Lato; color: var(--now-color--link-primary, #00718F); } a:hover { font-size: 12pt; color: var(--now-color--link-primary, #024F69); } a:target { font-size: 12pt; color: var(--now-color--link-primary, #032D42); } a:visited { font-size: 12pt; color: var(--now-color--link-primary, #00718f); } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } You could add the required snc_platform_rest_api_access role to the sam_admin role, or sam_user role, so that any users with those roles also inherit the snc_platform_rest_api_access role. Docs: Software Asset Management roles Docs: Add a role to an existing role Note: Giving these users that role will allow them access to any table via the Table API, not just the Domain table. Record/field level ACLs would also still apply for the data in those tables, in the same wasy as when a user opens lists/forms when logged into the instance. If the pair of API Access Policies for Table API have been activated, those could also affect this.