A recent ServiceNow platform security update is causing unexpected behavior across the ecosystem—and Serenity is actively investigating its impact.
In May 2025, ServiceNow rolled out a platform-wide patch that tightens enforcement of query-level access controls, particularly around query related Access Control Lists (ACLs). There are two types of query ACLs:
query_range ACLs (like CONTAINS, STARTSWITH, or >=) and, by extension, query_match ACLs (EQUALS, IN). While the update is designed to prevent users from inferring sensitive information through filtered queries, it has also introduced side effects that may:
Affected users may encounter error messages like:
"Part of the query on [table_name] has been ignored because of insufficient access for ‘query_range’ operation on [table_name.field_name]"
This is not specific to Serenity. The issue is platform-wide and affects all ServiceNow customers and applications. The exact impact will vary by customer depending upon level of direct customization and volume of third-party store apps installed. Serenity applications saw a ~45–50% increase in ACL records, which may impact both performance and manageability.
Our teams are actively following the impact of this ServiceNow update. We are:
Our goal is to find a solution that secures our customer’s sensitive data appropriately, and minimizes the impact to the user’s experience.
If you manage a ServiceNow environment, we recommend:
If you’re seeing unusual access patterns or errors, contact Serenity Support or open a case via the portal—we’re here to help. Stay tuned. We’ll continue to update this post as validated remediations become available.
