API call to table is failing with 403 errorIssue <!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } While attempting to access the table via an API call, a 403 Forbidden error is returned. The error message indicates “User Not Authorized” with “Failed API level ACL Validation.” Attempts to access the user table API through the REST API Explorer as an admin also resulted in the same error. The transaction logs show a “WebServicePolicyValidator: Table access denied by WebService Access Policy” error for the table(eg, sys_user). Logs: 2026-01-16 19:39:36 (211) API_INT-thread-2 D40A0FEC2BAE3210D5DCF4B14391BFA5 txid=b87a8bac2bae ProcessorValidator SEVERE *** ERROR *** WebServicePolicyValidator: Table access denied by WebService Access Policy. [tableName= sys_user]2026-01-16 19:39:36 (212) API_INT-thread-2 D40A0FEC2BAE3210D5DCF4B14391BFA5 txid=b87a8bac2bae TimingLogger #90710 [REST API] RESTAPIProcessor : User Not Authorized Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } N/A Cause<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } A stale cache prevented the access policy change—setting “Allow access to this table via web services” to true—from taking effect, which caused the 403 error despite the correct configuration. Resolution<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } 1. Reproduce the issue by sending a GET API call to the affected table using the REST API Explorer or any API testing tool, which results in a 403 response. 2. Analyze the transaction logs to identify the error “WebServicePolicyValidator: Table access denied by WebService Access Policy” for the table. 3. Verify that the sys_db_object record for the sys_user table confirms that “Allow access to this table via web services” is set to true. 4. Invalidate the cache for the affected table by running the following script from the Scripts - Background module: GlideTableManager.invalidateTable('table_name'); GlideCacheManager.flushTable('table_name'); 5. Repeat the cache invalidation steps for any other table if it exhibits the same behaviour. 6. Confirm that API calls to the affected table are now functioning as expected.