Unable to access sys_script table via API using custom role (403 Forbidden)
3 weeks ago
Hi Team,
I’m facing an issue while trying to access the sys_script table through the Table API using a custom user and role.
I created a custom user named test_user and a custom role named test_role. The role test_role was assigned to test_user, and I also configured ACLs for the sys_script table with Create, Read, and Write access for both None and * (wildcard).
Even after giving full ACL permissions, when I try to retrieve the records from sys_script using the REST API, I receive a 403 Forbidden response. Below is the response message:
HTTP Response Status Code: 403
2025-11-05 13:41:13 [WARNING]: HTTP Request Failed.
URL Path: /api/now/table/sys_script?sysparm_query=nameSTARTSWITH8^EQ&sysparm_display_value=all
Message: {"error":{"message":"Insufficient rights to query records","detail":"Field(s) present in the query do not have permission to be read"},"status":"failure"}
I tried the same ACL configuration for other tables such as cmdb_ci_business_capability and cmdb_ci_business_app, and those tables returned data successfully without any error.
However, when accessing the sys_script table, the same setup fails with a 403 error.
When I perform the same API request using an admin user, the records from sys_script are retrieved successfully.
So, this issue seems to occur only for non-admin users, even with full ACL permissions.
I would like to understand why this happens. Is there any system-level restriction or elevated security for the sys_script table that prevents access through API for non-admin users?
Also, what is the recommended or best-practice approach if I need to allow a non-admin integration user to read specific fields from the sys_script table via API?
Any guidance or explanation on this behavior would be greatly appreciated.
Thanks,
Logendran
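A triage helper for the failure logged in the question above, added here as an example and not part of the original post or of ServiceNow's own code. It pulls the table name and the fields referenced in `sysparm_query` out of the failed request so the read ACLs on exactly those fields can be reviewed. The function names and the field-name heuristic (lowercase identifiers, uppercase operators) are assumptions.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs

# Sample input constructed from the log lines quoted in the post above.
SAMPLE_STATUS = 403
SAMPLE_PATH = ("/api/now/table/sys_script"
               "?sysparm_query=nameSTARTSWITH8^EQ&sysparm_display_value=all")
SAMPLE_BODY = ('{"error":{"message":"Insufficient rights to query records",'
               '"detail":"Field(s) present in the query do not have permission'
               ' to be read"},"status":"failure"}')

# Assumption: field names are lowercase identifiers (dots for dot-walking),
# while encoded-query operators are uppercase words or symbols.
_FIELD = re.compile(r"[a-z][a-z0-9_.]*")
# Term prefixes that precede a field name; longest first so ORDERBY wins over OR.
_PREFIXES = ("ORDERBYDESC", "ORDERBY", "OR", "NQ")


def query_fields(encoded_query):
    """Return the field names referenced by an encoded query, in order."""
    fields = []
    for term in encoded_query.split("^"):
        if term in ("", "EQ"):  # "^EQ" only terminates the query
            continue
        for prefix in _PREFIXES:
            if term.startswith(prefix):
                term = term[len(prefix):]
                break
        match = _FIELD.match(term)
        if match and match.group(0) not in fields:
            fields.append(match.group(0))
    return fields


def triage(status, path, body):
    """Classify a failed Table API call and list the query fields to review."""
    parts = urlsplit(path)
    params = parse_qs(parts.query)
    table = parts.path.rsplit("/", 1)[-1]
    detail = json.loads(body).get("error", {}).get("detail", "")
    # The denial in the post is identified by its 403 status and detail text.
    denied = status == 403 and "present in the query" in detail
    fields = query_fields(params.get("sysparm_query", [""])[0]) if denied else []
    return {"table": table, "query_field_denial": denied, "fields": fields}
```

For the logged request this reports `sys_script` and the single queried field `name`, which is where the error detail says read permission is missing.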
2 weeks ago
Glad we could help!
One thing to consider: since you are working with and handling operations against the sys_script table, make sure you also use a different authentication method from basic for your API. Since this integration user is most probably going to have admin rights, it will be best practice to set up OAuth 2.0 for the requests.
Also, if this development you are doing is for a ServiceNow application for the app store, they will not allow you in any way to touch those tables.
Best Regards,
Vasil Ganichev
Certified Technical Architect (CTA)
2 weeks ago
Hi @LogendranM,
Again, Business Rule (sys_script) is not a data table, it's a configuration table. I would still recommend refraining from exposing this table and creating/updating records in this table. It's like you're telling the system to create logic on the fly. I can understand Business Application and Capability, but not the Business Rule table.
And also, I would like to understand why a non-admin user needs to read/write to a configuration table?
Hope this justification helps to exclude business rule table!
Thank you,
Hemanth
Certified Technical Architect (CTA), ServiceNow MVP 2024, 2025
Monday
Close the loop by accepting if our responses answered your question!
Thank you,
Hemanth
Certified Technical Architect (CTA), ServiceNow MVP 2024, 2025