Loading...
Loading...
The data visualization can be accessed by anyone who has the URL, provided they have any rolw Steps to Reproduce 1. Log in to any OOB instance 2. Impersonate the user "abel.tuter" 3. Navigate to All > Data Visualizations > Search for "Open incidents" 4. Notice that the visualization is not found in the list 5. However, open the visualization directly using its URL. https://<hostname>.service-now.com/now/platform-analytics-workspace/visualization-designer/d5c8f10ac52fef44c1197cd864764a50 6. Observe that the user "abel.tuter" is able to access the visualization, even though it has not been shared with any user or group.
The user should not be able to access the visualization if it's not shared with them.
The user is still able to access the visualization via URL.
Previously, anyone with a direct link to visualization designer and correct sysId could access a data visualization—even if it wasn’t shared with them. This unintended behavior has now been fixed in the Australia release. Current Access Rules: A visualization is accessible only if: The user created it, The user has the viz_adminor admin role It has been explicitly shared with the user. To share a visualization, follow this guide (This is also a "workaround" or right way of doing sharing visualization): https://www.servicenow.com/docs/bundle/zurich-now-intelligence/page/use/reporting/task/share-dv-ac.html
PRB1871576
Click on a version to see all relevant bugs
ServiceNow Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.