Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

Unable to access sys_script table via API using custom role (403 Forbidden)

LogendranM
Tera Contributor

6 hours ago

Hi Team,

 

I’m facing an issue while trying to access the sys_script table through the Table API using a custom user and role.

 

I created a custom user named test_user and a custom role named test_role. The role test_role was assigned to test_user, and I also configured ACLs for the sys_script table with Create, Read, and Write access for both None and * (wildcard).

 

Even after giving full ACL permissions, when I try to retrieve the records from sys_script using the REST API, I receive a 403 Forbidden response. Below is the response message:

HTTP Response Status Code: 403
2025-11-05 13:41:13 [WARNING]: HTTP Request Failed.
URL Path: /api/now/table/sys_script?sysparm_query=nameSTARTSWITH8^EQ&sysparm_display_value=all
Message: {"error":{"message":"Insufficient rights to query records","detail":"Field(s) present in the query do not have permission to be read"},"status":"failure"}

I tried the same ACL configuration for other tables such as cmdb_ci_business_capability and cmdb_ci_business_app, and those tables returned data successfully without any error.

 

However, when accessing the sys_script table, the same setup fails with a 403 error.

 

When I perform the same API request using an admin user, the records from sys_script are retrieved successfully.

 

So, this issue seems to occur only for non-admin users, even with full ACL permissions.

 

I would like to understand why this happens. Is there any system-level restriction or elevated security for the sys_script table that prevents access through API for non-admin users?

 

Also, what is the recommended or best-practice approach if I need to allow a non-admin integration user to read specific fields from the sys_script table via API?

 

Any guidance or explanation on this behavior would be greatly appreciated.

 

Thanks,
Logendran

 

 

0 Helpfuls
  • 71 Views
3 REPLIES 3

Hemanth M1
Giga Sage
Giga Sage

4 hours ago

Hi @LogendranM ,

 

 

Why do you want non-admin users to read or query business rules (sys_script)?


If you still want to proceed, first check which minimum roles are required to read this table using Access Analyzer in your setup as below. Also, consult with your Platform Architect before moving forward

HemanthM1_0-1763474236664.png

 

Hope this helps!

 

Accept and hit Helpful if it helps.

Thank you,
Hemanth
Certified Technical Architect (CTA), ServiceNow MVP 2024, 2025
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron

4 hours ago

@LogendranM 

I won't recommend exposing that table using OOTB Table API.

what's the business need for this?

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

VasilG
Tera Contributor

4 hours ago

Hi @LogendranM,
The sys_script table extends the sys_metadata table, this is most probably where your ACl's Fail. 
But I would generally not advise to expose any kind of application file data via API, as this can be a major security concern. 

If this answers your question, Accept and mark it as Helpful!
Best Regards,

Vasil Ganichev
Certified Technical Architect (CTA)

0 Helpfuls