ServiceNow Australia Release Cross-Scope Access and Restricted Caller Access
ServiceNow Australia Release Cross-Scope Access and Restricted Caller Integration Impact
Overview
After upgrading to the ServiceNow Australia release (2026), you may experience issues with the HappySignals integration, such as:
- Surveys not being triggered
- Data not being sent to HappySignals
- Errors related to script execution
These issues are typically caused by stricter security controls on cross-scope access between applications.
What Changed in ServiceNow
ServiceNow now enforces more granular and explicit access control between application scopes:
- Access between applications must be:
- Explicitly defined (cross-scope privileges)
- Explicitly approved (Restricted Caller Access, when enabled)
- Implicit or inherited access is no longer sufficient
This particularly impacts integrations that rely on multiple related tables or objects.
Why This Affects HappySignals
The HappySignals integration relies on access to:
- Ticket data (e.g. incident, request)
- User-related data (caller, requested for, etc.)
- Script Includes to trigger surveys
These operations often involve multiple tables across scopes, not just one.
Important Change: User and Related Tables (e.g. Location)
Before Australia release
-
Accessing the User table (
sys_user) was often enough -
Related data such as:
-
Location
-
Department
could be accessed indirectly via the user record
-
After Australia release
-
Access is enforced per table and per operation
-
Having access to
sys_useris no longer enough
You must explicitly allow access to:
-
sys_user(User) -
cmn_location(Location) -
Any other referenced tables (e.g. company, department)
Impact on HappySignals
If the integration:
- Reads user location for reporting or segmentation
- Uses user attributes in survey triggers
Then you may see:
- Missing data in HappySignals (e.g. location empty)
- Script failures when accessing related fields
- RCA records created for additional tables
Typical Example
Scenario:
-
HappySignals reads:
incident.caller_id.location.country
Before:
-
Access to
sys_user→ worked
After:
-
Requires:
-
Access to
sys_user -
AND access to
cmn_location
-
Without both:
-
Data retrieval fails or is incomplete
Important Behavior Change: Reference Values vs. Dot Walkin
What still works
After the Australia release, basic reference values still work normally.
This means:
-
If an integration reads a reference field (e.g. caller_id)
-
It can still retrieve the basic identifier or display value
Example:
-
Reading the caller name or ID from a ticket → still works
What has changed
When accessing additional fields from a referenced record (called dot walking), ServiceNow now requires separate access permissions.
Dot walking means accessing related data like:
- incident.caller_id.location
- incident.caller_id.department
Restricted Caller Access (RCA)
What RCA Does
-
Tracks and controls cross-scope access attempts
-
Requires admin approval for access
Impact on HappySignals
When integration runs:
- ServiceNow may:
- Block access
- Create RCA records
Integration will not work until access is approved
Most Common Symptoms
-
No survey triggered after ticket resolution
-
Missing fields (e.g. location or user attributes)
-
Errors like:
Access to resource not allowed from scope -
Integration works partially (some fields missing)
How to Fix It
1. Approve Access Requests (RCA)
Go to:
System Security > Restricted Caller Access
-
Review new records
-
Set required ones to: Allowed
2. Ensure All Required Tables Are Allowed
Go to:
System Applications > Application Cross-Scope Access
Check access for:
incident,tasksys_usercmn_location- Any other referenced tables (e.g. department, company)
- Script Includes used by integration
Important: Access must be defined for each table separately
3. Validate Integration
Test:
-
Resolve a ticket → survey triggered
-
Check:
-
Location and user attributes are populated
-
No access errors in logs
-
Key Takeaways
-
Australia release enforces table-level access control
-
Access to
sys_useralone is no longer sufficient -
Related tables (like Location) must be explicitly allowed
-
RCA adds an additional approval layer
-
Most issues are resolved by:
-
Approving RCA records
-
Adding missing cross-scope privileges
-
Recommendation
After upgrade:
-
Review all user-related data dependencies
-
Ensure access is granted to all referenced tables (not just user)
-
Use RCA records to identify missing permissions