Assigning Roles to API Users

Takuto K · 3 hours ago

Hi
I want to allow external systems to query the incident, sc_req_item, and sys_user tables via the REST API.
What permissions should I grant to the API users?
I’d like to limit the roles to the absolute minimum.
Thanks!

Tanushree Maiti · 3 hours ago

Hi @Takuto K

1. custom role (recommended): For better security and control, Check Read ACL on your table like incident, sys_user etc. That ACL role provide to the integration user account.

2.snc_platform_rest_api_access role: this role is required for the user to access the Table API endpoint. By default, this ACL is often inactive.

3. Web service access only checkbox: When creating the user in User Administration > Users, select the Web service access only checkbox. This prevents the account from being used to log into the UI, increasing security.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

Ankur Bawiskar · 2 hours ago

@Takuto K

I will suggest not to expose Table API as it will allow 3rd party to see all the data

Instead you can use Scripted REST API and use GlideRecord to get the data and pass in API response

The API user should have simply rest roles

for this you can check docs

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader