Report permission issues

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Report permission issues

    This content explains common reasons why ServiceNow reports may display less information than expected or no data at all, focusing on permission-related causes. Understanding these issues helps ensure that reports are properly shared and data visibility aligns with user permissions.

    Show full answer Show less

    Report Sharing and Visibility

    By default, newly created reports are not shared and are only accessible to the report creator or users with the admin role. If a report is not shared, other users cannot view it, and it will not appear in their report lists or selection options. When users can see a dashboard containing the report but not the report itself, a message indicates it is only visible to specific users or groups.

    To resolve this, the report owner or an administrator must share the report with the appropriate users, groups, or roles. Sharing can be done directly via the report's sharing icon, enabling targeted access control.

    List Reports Showing Fewer Rows

    Differences in the number of rows visible in list reports are often due to read access controls (ACLs) on the source tables. Each row undergoes an ACL check, and rows for which users lack read permission are omitted from the report. When rows are removed due to security constraints, a message informs users of the number of rows excluded.

    Incomplete Data in Non-List (Graphical) Reports

    Graphical reports may show varying data sets to different users because Before Query business rules on the source tables filter the data before report generation. These business rules enforce permissions or other criteria, so users with different roles or group memberships may see different results in the same report.

    There are several reasons why a report is showing less information than expected or possibly no data at all. These include insufficient permissions on the report and the report not being shared.

    Report not shared

    A common reason that a report may not be viewable is that the report hasn’t been shared with the users who are attempting to access it. By default, a newly created report won’t be shared and therefore inaccessible to anyone except the report creator or users with the admin role. A report can be shared with an individual user, with one or more groups, or assigned to one or more roles.

    Unshared reports don’t appear in lists of reports a user has access to or in other options in which a report might be opened or selected. When users are able to see a dashboard the report has been added to, but not the report itself, a message indicates that the "Report is visible only to a specific user or group".

    To correct this issue, the owner of the report (or an administrator) can share that report with the individuals who should have visibility and access to that report. You can share a report directly from the report's sharing icon. For more information, see Share a report.

    List reports show fewer rows than expected

    Another common issue is that fewer rows appear in list reports than the viewer expects. For example, one user sees 100 rows in a list report, but another user, viewing that same report may see fewer rows or even no rows at all. When one or more rows have been removed from the report, a message indicates the number rows removed due to security constraints.

    The usual cause is that each row of a list report is first compared against any read access control lists (ACLs) defined on the report's source tables.

    The ACL is considered for each list row that might be displayed in a report. For more information, see Report_view access control.

    Non-list reports show incomplete data

    Graphical reports (defined as any non-list type report) may show an incomplete set of data for one user, as compared to another user reviewing that same report.

    This issue is caused by the fact that Before Query business rules are performed on the data from the source table before a report is generated and rendered. Business rules, found on a report's source tables, limit the data based on permissions or similar criteria. Any records that don’t fulfill the rule's criteria aren’t included in the report. Therefore, users with differing permission levels (due to group or role permissions mainly) see the same report showing different results. For more information, see Before Query business rules.