Universal request roles are shown to user only when debug of ACL is activatedDescriptionIt was reported that Universal request roles sn_uni_req.universal_request_read and sn_uni_req.universal_request_write are shown to user only when debug of ACL is activated. Does not show to user on list without debugging ACL. NO ACL fails. This also was replicated OOB. STR:1. make sure d: com.snc.universal_request is activated.2. impersonate ITIL user3. go here to sys_user_role table /sys_user_role_list.do?sysparm_query=nameSTARTSWITHsn_uni_req.universal_request_read&sysparm_first_row=1&sysparm_view=&sysparm_choice_query_raw=&sysparm_list_header_search=true- note how user can not see the sn_uni_req.universal_request_read role4. as maint or admin debug ACL5. impersonate ITIL user6. open the same link/sys_user_role_list.do?sysparm_query=nameSTARTSWITHsn_uni_req.universal_request_read&sysparm_first_row=1&sysparm_view=&sysparm_choice_query_raw=&sysparm_list_header_search=true- notice how now user can see the role. Same happens with sn_uni_req.universal_request_write role EXPECTED:To see role all the time RESULT:Role is only shown when debug ACL is activatedRelease or EnvironmentAnyCauseThis is working as expected.ResolutionBeing able to see the records when ACL debug is on and user with ITIL role is being impersonated is due to a product feature.You can find the details here:SN document link detailing ACL debugging tools From the above link:"To make debugging easier, read-only access to certain ACL-related tables is enabled by default, even when impersonating a user that does not have read access to the tables. To change this functionality, set the following property to false."The app is scope administrated and scoped records can be accessed if the criteria for a scoped app record is met.Details with regard to an application administration and access control rules can be found here:SN documentation on Application administration Some of the conditions I am listing here:For an ITIL users to see these scoped roles, access can be granted if one of the conditions are met:- user with an ITIL role is also a scoped admin or admin- user has the role that is marked as assignable by for the role that we are expecting the user to see, in this case, that role is "sn_uni_req.ur_admin"- There exists a scoped ACL for the scoped record that the user is trying to read.It's a configuration issue, not a defect. As a recommendation, this issue can be fixed by assigning either a scoped admin role or assignable by role (as mentioned in the record) to the ITIL user (or by following the guidelines in the above product doc).