Comment
Tera Guru

It's understood that ServiceNow Inbound REST API uses 'grant_type' as one of password or refresh_token and password has to be used the first time to get the access token and refresh token. User credentials here will be mapped to the roles based on corresponding endpoints to be accessed, like read access to a table, or create/write access to another table.

Since the access token/refresh token is the one subsequently used to connect to a ServiceNow instance (until they are timed out), would like to understand what will happen if roles mapped to user credentials are removed/modified in the meanwhile. For example, if existing read access is removed after getting an access token, will the external application continue to have read access based on access token or will it stop working because read access for the table has been removed in user credentials?