Hi Community,

• Overview
  While working on a customization, I added two new date fields to a ServiceNow table. When I
  tried to query the table using these fields with range conditions, I encountered the following
  error: "Part of the query has been ignored because of insufficient access for 'query_range' operation."
  This unexpected behavior led me to investigate and uncover a significant platform change
  introduced by ServiceNow (Yokohama patch) in May 2025 : a security update that restricts
  range-based queries unless explicitly permitted through new ACLs.

• What Changed?
  
  ServiceNow introduced two new ACL operations to mitigate the risk of sensitive data exposure
  
  through filtered queries:
  
  - query_range
  
  - conditional_table_query_range
  
  These control the ability to run queries using range operators like >, <, >=, <=, and BETWEEN.

• Key Implications
  
  - Stricter Defaults: Range queries are now blocked by default unless explicitly permitted via
  
  these new ACLs.
  
  - Error Messaging: Users without the appropriate ACLs will see messages like the one I
  
  encountered.
  
  - Required Action: Admins must define query_range ACLs for fields where range queries are
  
  needed and assign them to the appropriate user roles.

• Why It Matters
  
  This update closes a security loophole where attackers could infer sensitive data by
  
  manipulating query ranges. With this change, ServiceNow ensures that only users with explicit
  
  permissions can perform such queries — enhancing data protection across the platform

Thanks.

Taha Elalami : Servicenow Consultant

LinkedIn