Restrict the API access to only GET Method

Lucky1
Tera Guru

Hello all,

 

Good day!

I got a task to create a table API on task table and then create a user for this where I can use this account for authentication.

So, the user should be able to only Get the task data, like Incident or Change requests or Catalog tasks data but he should not be able to update or delete the data in those tables.

(the user should only be able to read the data but not modify it)

 

So, can someone provide me the steps to achieve this please?

Regards,

Lucky

 

1 ACCEPTED SOLUTION

Hello @Lucky1 ,

 

Thanks for the feedback. Since your original question has been answered it should also be marked as such.

 

Regarding your additional question, as per the OOTB ACLs the Transaction Log table can only be accessed by users with the admin role. So you would either have to grant that role to the integration account (not recommended), or you create a new Role (e.g. "transaction.read") and a "Read" ACL for the syslog_transaction table that requires this role. Then grant the role to the integration account.

 

Regards,

Robert

 


11 REPLIES

Robert H
Mega Sage

Hello @Lucky1 ,

 

Please assign the role snc_read_only to the user account that is querying the API. It will ensure that this account has only read access.

 

Example of trying to change data while this role is assigned:

[Image: RobertH_0-1746428856419.png]

Regards,

Robert

Hi @Lucky1 ,

Adding snc_read_only fulfils your requirement.

I have tested this and it is working:

*** Script: 403
*** Script: {"error":{"message":"Operation Failed","detail":"ACL Exception Update Failed due to security constraints"},"status":"failure"}

 

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

Hello Chaitanya and Robert,

 

Yes, this is working fine.

Can you give me any idea on the below one also please?

 

I have created a user and assigned him the snc_read_only role.

Now if I want the same user to pull the records from other tables as well like, Transaction log table, it is not allowing me from Postman.

So, here how can I proceed?

 

Regards,

Lucky

@Lucky1 

Transaction log etc. are system tables, so the access might be a different one.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi @Lucky1 ,

Give the user the roles which give access to those tables.

For example, the itil role for incident, problem, change and request etc.

In a similar way, give the user the role which gives access to the transaction log table; check the ACLs and give the proper role.

With snc_read_only it makes sure that the account has only read-only access, even if you were to give admin access (not recommending it, just saying).

 

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya
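An added example, not part of any post in this thread: a Python check that an integration account can read a table through the Table API while every write method is refused, which also surfaces the missing read access on syslog_transaction discussed above. It assumes HTTP Basic authentication, a sub-production instance and a throwaway record sys_id; the host name, the all-zero sys_id and `fake_send` are constructed placeholders.

```python
import base64, json, urllib.error, urllib.request

def make_sender(user, password):
    """Real transport using HTTP Basic auth; returns send(method, url, body)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    def send(method, url, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": "Basic " + token,
            "Accept": "application/json", "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code          # 401/403 arrive here as exceptions
    return send

def audit_read_only(send, base, table, sys_id):
    """Return findings; an empty list means GET works and no write is accepted."""
    coll = f"{base}/api/now/table/{table}"
    rec = f"{coll}/{sys_id}"
    findings = []
    status = send("GET", coll + "?sysparm_limit=1")
    if status != 200:
        findings.append(f"{table}: GET returned {status}, read access missing")
    probe = {"short_description": "read-only probe"}   # assumed harmless field
    for method, url, body in (("POST", coll, probe), ("PUT", rec, probe),
                              ("PATCH", rec, probe), ("DELETE", rec, None)):
        status = send(method, url, body)
        if 200 <= status < 300:      # the thread's read-only account gets 403
            findings.append(f"{table}: {method} accepted with {status}")
    return findings

def fake_send(method, url, body=None):
    """Constructed stand-in for an instance behaving as the thread describes."""
    if method == "GET":
        return 403 if "/syslog_transaction" in url else 200
    return 403

if __name__ == "__main__":
    base = "https://instance.example"   # placeholder instance URL
    for table in ("task", "syslog_transaction"):
        print(table, audit_read_only(fake_send, base, table, "0" * 32))
```

Against a real instance, replace `fake_send` with `make_sender(user, password)`; any entry in the returned list is a deviation from the intended read-only behaviour.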