Why is this an issue?
The sys_audit table tracks all record changes for tables with auditing activated. To audit a system table, remove it from the property glide.ui.audit_deleted_tables; its changes will then be saved to sys_audit.
All users on your instance will be able to see record modifications if you give users with the snc_internal role access to the sys_audit table.
This includes:
- Expenses;
- Private user data;
- Private dates (like release dates);
- Other sensitive information under ServiceNow tables.
Best practices
When you create an ACL for the sys_audit table without specifying any roles and the com.glide.explicit_roles plugin is active, ServiceNow automatically adds the snc_internal role to that ACL.
To resolve this issue, delete the snc_internal role from the ACL and replace it with the appropriate role.
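
One way to find the affected ACLs before fixing them, as an added example that is not part of the original rule text or ServiceNow's own code. It assumes the standard ACL schema (rules in sys_security_acl, role links in sys_security_acl_role); the function name findInternalAuditAcls and its GR parameter are hypothetical.

```javascript
// Added example: lists active sys_audit ACLs that carry the snc_internal role.
// Assumes the standard ACL schema: rules in sys_security_acl, their roles in
// sys_security_acl_role (fields sys_security_acl and sys_user_role).
// GR is the GlideRecord constructor, passed in so the logic can be tested.
function findInternalAuditAcls(GR) {
    var findings = [];
    var link = new GR('sys_security_acl_role');
    link.addQuery('sys_user_role.name', 'snc_internal');
    link.addQuery('sys_security_acl.active', true);
    // Coarse filter only: this also matches other tables such as sys_audit_delete.
    link.addQuery('sys_security_acl.name', 'STARTSWITH', 'sys_audit');
    link.query();
    while (link.next()) {
        var name = String(link.sys_security_acl.name);
        // Keep the table-level rule and field-level rules (sys_audit.*, sys_audit.<field>).
        if (name !== 'sys_audit' && name.indexOf('sys_audit.') !== 0) {
            continue;
        }
        findings.push({
            acl: String(link.sys_security_acl.sys_id),
            name: name,
            operation: String(link.sys_security_acl.operation.name)
        });
    }
    return findings;
}

// On an instance (Scripts - Background) GlideRecord and gs exist; elsewhere this is skipped.
if (typeof GlideRecord !== 'undefined') {
    findInternalAuditAcls(GlideRecord).forEach(function (f) {
        gs.info('sys_audit ACL with snc_internal: ' + f.name + ' [' + f.operation + '] ' + f.acl);
    });
}
```

Each result is an ACL whose snc_internal role should be replaced with the appropriate role, as described above.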