How can I delete incidents via API using elevated roles like admin or security_admin?

normano
Tera Contributor

‎06-14-2025 05:30 AM

Hi everyone,

I'm currently integrating with the ServiceNow REST API to manage incidents using the Table API endpoint (`/api/now/table/incident`). I can successfully create incidents using the `aes.creator` user on our developer instance (`https://dev.....9.service-now.com`), but when I try to delete an incident via API, I get a permission error (403 Forbidden).

Here's the basic configuration I'm using:

config = {
"username": "aes.creator",

"instance_url": "...."
}

0 Helpfuls
  • 454 Views
2 REPLIES 2

VikMach
Mega Sage

‎06-14-2025 06:28 AM

@normano, delete ACL's on incident table only permits 2 roles to delete the record.
1) admin

2) itil_admin

You can grant one of these roles to your `aes.creator` user based on your requirement and what you are trying to achieve. Think and discuss with your team if Admin role would be really required.
If not, then itil_admin is enough to achieve this.

Hope that helps!

Regards,
Vikas K

0 Helpfuls

J Siva
Tera Sage

‎06-14-2025 07:06 AM

Hi @normano 

As per OOB configuration, a user must have itil_admin or admin role to delete an incident record. So, check if that user account has necessary access.

Screenshot_20250614-193414.png

Regards,

Siva

0 Helpfuls