Custom read-only itil role does not allow users to view Incidents even though ACLs are configured to grant access The user had created a custom role for itil, but for read-only access. The user had configured ACLs to allow access for the read-only itil users, but still they were not able to see incidents. This is because of the "incident query" query Business Rule, which does not take into account the custom role. The user was shown how turning this Out of Box (OOB) Business Rule off caused the read-only itil users to be able to see the incidents, and how turning it back on caused the troublesome behavior to occur again. The user was instructed to modify the query Business Rule to consider their custom role. After doing so, the issue was resolved.