creating a sys_user using rest api call

Deepali5 · ‎04-11-2023

I want to create a new login user using rest API.

I can post to sys_user table right?

I see that sys_user table has a role field. How can I assign multiple roles while creating the user. I tried to put a comma separated list as a value for the role field. e.g

{"first_name":"xx","last_name":"yy","company":"Aa","roles":"admin,user","user_name":"superuser"}

The response shows success but in the actual user record I don't see any roles assigned.

So how do I assign roles thr' rest API

I also want add user to a group.

Do I need to write a separate rest call to sys_user_group to create a group?

Thanks

Tony Chatfield1 · ‎04-11-2023

Hi, you cannot assign roles to a user via the sys_user.role field and to assign roles will need to insert new records on 'sys_user_has_role' table.

I don't consider it best practice to populate this type of data directly into destination tables, especially core tables and I would use a temporary staging\import table and an import\transform map.

Post the data into the staging table via rest (I would use a scripted rest api), including some method to identify required roles. ( I also think it best practice to assign roles via group membership.)
Then use a before transform script to populate the users roles into sys_user_has_role, or to populate the users groups into 'sys_user_grmember', so that the user inherits the correct roles from the groups.

If you want to add any other data IE groups, then the process is the same, you must post the data to the target table (or ideally a staging table and transform to the target table).

Deepali5 · ‎04-11-2023

@Tony Chatfield1

Thanks for the reply. I have no idea how to use staging / transform table. Could you please point me to any documentation?
For testing purpose if I create roles using sys_user_has_role table then do I have to put the sys_id of that record while creating the user?
like

{"first_name":"xx","last_name":"yy","company":"Aa","roles":"<sys_id>","user_name":"superuser"}

and similarly to add to group should I put the sys-id of user into the json used for rest api.
Thank you

Tony Chatfield1 · ‎04-11-2023

These would be good starting doc's

Importing data using import sets (servicenow.com)

Scripted REST APIs (servicenow.com)

You will need to post your user record,

then post a new record with (the returned) user sys_id and the role (or group) sys_id into the appropriate target table IE sys_user_has_role or sys_user_grmember.

If you use a staging table and import\transform process, you would be able to post (new) user and existing role/group data in 1 payload and then transform to target tables as required, you will also be able to use role and group 'names' as opposed to using sys_id's - as long as your transform script(s) is correctly configured.
Edit for my previous post; assignment of groups or roles via a transform script would be better delivered by and after transform script, not a before script as I indicated.

Deepali5 · ‎04-12-2023

I posted this json

payload = {"role": "user,admin",

"user": <user_sys_id>}

to sys_user_has_role. I got success 201 response.

When I checked the user record it shows a role assigned to the user but it says empty.

Please see the attached image

So how do I assign roles to a user?

Thanks again,

appreciate your help.