Filter report assessment scans

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Especially on large instances, the ACL Assessment for Reports can take a long time. To reduce the assessment time, you can use system properties to filter the reports that the assessment applies to.

    Before you begin

    Roles required: admin and security_admin.

    You can work with all the properties in the ACL Assessment for Reports except two:
    • sn_report_acl.com.par_report_acl_assessment.report_view.sys_ids
    • sn_report_acl.glide.script.block.client.globals

    Procedure

    1. Navigate to All > System Properties > All Properties.
    2. Filter the list to show only the properties that contain report_acl in the name.

      System properties list header with Name filter option *report_acl entered
    3. Filter out the properties sn_report_acl.com.par_report_acl_assessment.report_view.sys_ids and sn_report_acl.glide.script.block.client.globals.

      Filtered list of report ACL system properties
    4. Use the remaining properties to configure the assessment scan.

    Report assessment system properties

    Use these properties to configure the ACL Assessment for Reports scan.

    To configure system properties, navigate to sys_properties.list and filter on the property name.

    Property Description
    sn_report_acl.run_scan_with_queryNoDomain Only valid on domain-separated instances. Defines whether the app considers the user domain when you run the query. If false, the security_admin gets results only for the domains they have visibility to. A global security_admin can set the property to true and retrieve the results for all the domains on the instance. The individual security_admins can then view the collected results for their own domains. For more information, see Report assessment and domain separation.

    If you set this property to true on an instance that is not domain separated, then the assessment runs as a normal query.

    If you delete this property, the default value in the code is false.

    Type: true/false

    Default: false
    sn_report_acl.add_encoded_query_for_sys_report_table Allows security admin users to add an encoded AND query condition to the query that the assessment scan is executing on the sys_report table. For example, you can add an encoded query that evaluates reports only on specified tables.

    The validity of the encoded query is the user's responsibility. For performance reasons, the app does not validate additional queries in code before execution.

    If you delete this property or it has an empty value, then the assessment scan runs with the original conditions only.

    Type: string
    sn_report_acl.com.par_report_acl_assessment.collect_dotwalk Determines whether the app checks dot-walked fields for affected reports.

    When false, the performance of the app improves, but the app gives only a subset of the total results.

    Type: true/false

    Default: false
    sn_report_acl.add_encoded_query_for_sys_user_table Allows security admin users to add an encoded AND query condition to the query that the assessment scan executes on the sys_user table. For example, you can add an encoded query that evaluates only specified roles.

    The validity of the encoded query is the user's responsibility. For performance reasons, the app doesn’t validate additional queries in the code before execution.

    If you delete this property, or it has an empty value, then the assessment scan runs with the original conditions only.

    Type: string
    sn_report_acl.process_reports_executed_within_X_days_ago Defines the maximum number of days since the last time that a report was viewed by any user that the app considers when running the assessment scan.

    Type: Integer

    Default: 365
    sn_report_acl.run_scan_based_on_report_execution_only The scan calculates the number of executions of each affected report. If this property is false, the Total Executions column in the Impacted Reports list is always empty, and process_reports_executed_within_X_days_ago is ignored.

    Type: true/false

    Default: true
    sn_report_acl.com.par_report_acl_assessment.max_affected_users

    The maximum number of affected users retrieved when you click Show Affected Users. Applies to reports viewable by users with specified roles or reports viewable by everyone.

    For reports viewable by groups, this value is the maximum number of affected users retrieved per group.

    Type: Integer

    Default: 5
    sn_report_acl.com.par_report_acl_assessment.collect_dotwalk Captures report fields on extended tables that cause a report to be blocked. This property adds the column Dot Walk Fields to the Impacted Reports table if those fields exist.

    Type: true/false

    Default: true