API user record roles for read access to all tables

ritaaudi · ‎02-05-2025

Hi:
I'm looking to setup an API user record in servicenow that can be used by powerBI to query all servicenow tables.

My question is what roles should I give that user record so it only has read access but it can query all tables?
Thank you, Rita

Robbie · ‎02-06-2025

Hi @ritaaudi,

So now we're getting quite specific. This is achievable using parameters in the endpoint.

Eg: https://the_instance_name.service-now.com/api/now/table/incident?sysparm_query=sys_created_on%3Cjavascript%3Ags.beginningOfLast2Years()%5Eassignment_group%3Dd625dccec0a8016700a222a0f7900d06&sysparm_limit=10

Note, due to the potential number of records, I've also added a limit using the syntax "&sysparm_limit=10".

To help others (and for me to gain recognition for my efforts), please mark this response correct by clicking on Accept as Solution and/or Kudos.

  Thanks, Robbie

View solution in original post

Dr Atul G- LNG · ‎02-05-2025

Hi @ritaaudi

When you say, there is no specific role I can do as read-only. You can give module-specific read roles to access the tables.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

ritaaudi · ‎02-05-2025

I just don't want to have to list read access to every table. Is there an api read only role for ITSM as a whole?

Thanks, Rita

Dr Atul G- LNG · ‎02-05-2025

This might be helpful

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0748343

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Robbie · ‎02-06-2025

Hi @ritaaudi,

Apologies, I don't understand your question. Can you please clarify.

As I've outlined above, with the "snc_read_only" and "snc_platform_rest_api_access" roles, you are effectively granted API access.

However, you still need the appropriate role in order to access (view) specific records, for example, to view the Incident, Problem, Change, Users, Groups etc the 'itil' role will suffice.

As stated, if you want access to all tables, then 'admin' role is required but MAKE SURE you also add the 'snc_read_only' as well as set the 'Web service access only' checkbox to true against the user profile to ensure the account can't be used to log in via the UI and it can only be used for API access.

To help others (and for me to gain recognition for my efforts), please mark this response correct by clicking on Accept as Solution and/or Kudos.

  Thanks, Robbie