Loading...
Loading...
If a table does not have any field-level read ACLs, a user role will have access to all the fields in the records granted to it. However, once a field-level ACL is added, all user roles must satisfy the newly added ACL to access that specific field. Furthermore, if a "table.*" read ACL is introduced, any user role that does not meet this ACL could lose access to all records in the table even though it's granted access to the records at the table level. This happens with the core_company table, which is shared system-wide. In 2022, a decision was made to remove all field-level read ACLs from the core_company table to avoid this situation. However, there are some leftovers, which may disrupt apps such as the Vendor Portal due to the vendor contacts require specific access to the core_company table records. If vendor contacts can visit the Vendor Portal's homepage and view the number of assessments but see an empty list of assessments ("No assessments are available") when clicking the number, this might be the issue, the solution is to deactivate all field-level read ACLs on the core_company table.
With both the Vendor Management Workspace and GRC: Vendor Portal installed. Go to vendor portal, login as a vendor contact, observe the list of assessments is empty.
Here are steps to check and resolve the issue: Open the ACL list for the core_company table. Filter the Operation column to display "read" ACLs only. Filter the Type column to show "record" ACLs only. Now if you find any ACLs starting with "core_company.x" (e.g., core_company.*, core_company.name, etc.), deactivate them.
PRB1641048
Click on a version to see all relevant bugs
ServiceNow Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.