Recognize this (note specific scripts and scopes may vary)?

Unfortunately we have all seen them and they can be quite annoying but they are very easy to fix!  

Here is a little background on why these errors happen:

• Restricted Caller Access Privileges is a feature introduced in the London release which is basically an additional security layer that allows ServiceNow administrators to set whether other applications/scopes can access data in another app.
• • There are two settings: Caller Restriction and Caller Tracking
  • Caller Restriction means that the application admin must approve other scopes to access the data
  • Caller Tracking allows other scopes to consume the data but that access is tracked in a log and no approval is required
• This is a setting in many different configurations within the platform:
• • Tables - via Application Access tab where you designate if another app can read, create, update, or delete records and if that action is Caller Restriction or Caller Tracking
  • Script Includes - settings at the top
  • System Events
• Because of the sensitive nature of HR data, the scoped HRSD application leverages this feature and specifically Caller Restriction.
• • Again this means that any time another scope needs to access HR configurations and data, it must be approved. 
  • But keep in mind that HR is comprised of many scopes so this even means that one HR scope calling another HR scope must also be approved!

How do you solve these errors? The message in the error gives you several clues on what to look for when fixing this issue.

• Navigate to System Applications \ Application Restricted Caller Access Privileges
• I personally look at the Status Column and filter out all Approved so I can view the ones that are either in Requested or Invalidated status
• I also add the Updated column to the list and sort in descending order as well

• Remember I mentioned the error provides clues?  The highlighted row is the record we need to approve to make the example error go away:

• Click the link in the Operation column or the Information circle to open this record.
• You must select the Target Scope (Content Delivery in this case) to change the Status from Requested to Approved

• Then save the record and try your test again
• In some cases one script may call another script which will generate another Restricted Caller Access record.  So if your test fails again, repeat the above steps to see if there is another RCA record to approval

Important Considerations:

• Restricted Caller Access records are meant to be a security feature so you know what applications, scripts, etc are consuming HR Data.  If you have other records in Requested status you should investigate those as well and approve if applicable.
• • Sometimes background processes like workflows, etc may also get tripped on Restricted Caller Access and you may never see this error but notice broken functionality.
• During development it is important to check this table periodically for Requested items.  You could consider setting up an email notification to be notified when records are set to the Requested or Invalidated status.
• Once you approve an Application Restricted Caller Access Privilege record, it is recorded in update sets.
• • This means as you are developing new functionality you can include the approval so you won't experience these errors in the target instance.
  • It is worth noting that if you change the items referenced in this record, the status will become invalidated and you MUST approve the record again.  This generates another Restricted Caller Access record so you must include the new version of the record in your update set - the old version will NO longer work.