Custom role with read only access to Incident, Problem and sys-db-objects tables.

Bharath Murali
Kilo Explorer

Working on an integration where we need a custom role with read-only access to Incident, Problem and sys-db-objects tables. Getting an error when making this API call with a role which only allows read-only access to these 3 tables:-

API Call:-

https://<mysnow-tenant>/api/now/v1/table/sys_db_object?sysparm_query=name=incident^ORname=problem

Getting Error:-

{
    "error": {
        "message": "Insufficient rights to query records",
        "detail": "Field(s) present in the query do not have permission to be read"
    },
    "status": "failure"
}

Question: How do I create a least-privilege role which allows making this read-only API call to sys_db_object with the sysparm_query as incident and problem?

Ankur Bawiskar
Tera Patron

Hi,

Why expose the OOB table sys_db_object as an API?

Please check the table-level READ ACL and give the correct role to your API user.

Regards
Ankur

sys_db_object is also needed for integration to perform table listing.

The question is how to make this API call:-

https://<mysnow-tenant>/api/now/v1/table/sys_db_object?sysparm_query=name=incident^ORname=problem

What is the least privilege read-only role that can be created?

Hi,

You can try to create a custom role; create a new table-level READ ACL on sys_db_object and give that role.

Give that role to your API user.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards
Ankur
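
Added example, not part of the thread and not ServiceNow's own code: a small Python helper that reads the failure body quoted in the question and lists the table.field names used in the sysparm_query, which are the ones the error text points at when checking read access for the custom role. The function names, the instance name and the `label` column choice are assumptions for illustration; the query parser is simplified and only handles `^`, `^OR` and `^NQ` joins.

```python
import json
import re
from urllib.parse import urlencode

# Constructed sample: the error body quoted in the question.
SAMPLE_ERROR = json.dumps({
    "error": {
        "message": "Insufficient rights to query records",
        "detail": "Field(s) present in the query do not have permission to be read",
    },
    "status": "failure",
})

def query_fields(encoded_query):
    """Field names an encoded query filters on (simplified parser)."""
    fields = []
    for cond in re.split(r"\^(?:OR|NQ)?", encoded_query):
        m = re.match(r"[a-z_][a-z0-9_.]*", cond)  # field names are lowercase
        if m and m.group(0) not in fields:
            fields.append(m.group(0))
    return fields

def build_url(instance, table, encoded_query, fields):
    """Table API URL that requests only the listed columns (hypothetical helper)."""
    params = {"sysparm_query": encoded_query,
              "sysparm_fields": ",".join(fields),
              "sysparm_limit": "10"}
    return f"https://{instance}/api/now/v1/table/{table}?{urlencode(params)}"

def explain_denial(body, table, encoded_query):
    """Map a failure body to the table or table.field names whose read access to check."""
    doc = json.loads(body)
    if doc.get("status") != "failure":
        return []
    detail = doc.get("error", {}).get("detail", "")
    if "Field(s) present in the query" in detail:
        return [f"{table}.{f}" for f in query_fields(encoded_query)]
    return [table]  # any other denial: start with the table-level read ACL

if __name__ == "__main__":
    q = "name=incident^ORname=problem"
    # example.service-now.com is a placeholder instance name.
    print(build_url("example.service-now.com", "sys_db_object", q, ["name", "label"]))
    print(explain_denial(SAMPLE_ERROR, "sys_db_object", q))
```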