Access to api 'getDecryptedValue(client_secret)' from scope 'rhino.global'

BaijunathS
Tera Contributor

3 hours ago

I tried to create OAuth credentials for my application scope, but I am getting the following error:

Error:
Access to api 'getDecryptedValue(client underscore secret)' from scope 'rhino.global' has been refused due to the API's cross-scope access policy."

The same configuration works correctly in the Global scope. However, when I try to use it in my application scope, I receive this error and am unable to generate the OAuth token.

I have selected OAuth for External Client while creating the credentials.

Could you please help me understand if there are any additional cross-scope permissions or configurations required for application-scoped OAuth credentials?

 
Preview file
470 KB
0 Helpfuls
  • 127 Views
1 REPLY 1

Tanushree Maiti
Tera Patron

2 hours ago

Hi @BaijunathS 

 

Refer:  KB0690133 How to grant cross-scope access to an application or module 

Getting the cross-scope access policy error while executing the getDecryptedValue() function from th... 

What exactly is "rhino.global", and how do I make it shut up? 

Access to api 'getDecryptedValue(password)' from scope has been refused 

  

 

Option 1: Approve via Restricted Caller Access (Recommended)

  • In the Application Navigator, change your current application scope to Global.
  • Navigate to System Applications > Restricted Caller Access Privileges.
  • Look for a record where the Source Scope is Global  and the target is your scoped table.
  • Change the Status field from Requested or Invalid to Allowed.

 

Option 2 (If record is not available in option1) : Manually Create a Cross-Scope Access Record

  • Navigate to System Application > Application Cross-Scope Access>Click New
  • Fill out the form fields with the following details:
    1. Source Scope: Global
    2. Target Scope: Select your custom scoped application containing the client_secret field.
    3. Target Name: getDecryptedValue
    4. Target Type: Scriptable or Execute API
    5. Operation: Execute
    6. Status: Allowed
  • Save the record.

 

Option 3: Verify Table Application Access

Ensure the custom table hosting the client_secret field applied to all Application scopes

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti
0 Helpfuls