
Have others removed any roles from the ITIL role? (example: snc_platform_rest_api_access)

GoBucks
Mega Sage

The ITIL role is a powerful role. Out-of-the-box it actually contains MANY other roles as documented here:

https://www.servicenow.com/docs/r/platform-administration/user-administration/r_BaseSystemRoles.html

Has anyone chosen to remove some of those underlying roles from the ITIL role?

In particular, the one that concerns us is the snc_platform_rest_api_access role. Does an ITIL user who is only ever in the UI really need this role?

My concern is that this role allows for any ITIL user to be able to interact with the platform external to the UI via APIs. The description on the snc_platform_rest_api_access role states:

Allows access to Platform Rest APIs
- Table API
- Import Set API
- Aggregate API
- Attachment API

Is it safe to remove this role from the ITIL role? I just don't know if this is inherent to underlying functionality the user needs within the UI, OR, is this for hitting API endpoints external to the UI? (the latter is what we don't want to grant to all our ITIL users.)

5 REPLIES

Simon Hendery
Tera Patron

Some good ideas on this topic are being shared over on LinkedIn:

https://www.linkedin.com/posts/simonhendery_servicenow-security-governance-activity-7425679379227344...