Help with ACL

VirendraKuD
Tera Contributor

Hi Team,

 

I have created one custom role, and I want to provide read and write access to this role for all tables in ServiceNow.

 

I have created a scripted REST API. In Default ACL, I am using a custom ACL:

Type: REST_endpoint

Operation: execute

Application: Custom application

Active: true

Decision Type: Allow if

Admin override: true

Protection Policy: None

Name: ACL for Custom API

Requires Role:

   - rest_api_explorer.

 

As informed by ServiceNow support, we should use other roles as well in the ACL, other than rest_api_explorer. So, I am planning to use a custom role. I want to add a custom role which has read and write access for all tables because the scripted REST API has GlideRecordSecure.

 

Thanks in advance

 

7 REPLIES

Ankur Bawiskar
Tera Patron

@VirendraKuD 

But why?

Why would any user with that role have read access to all the tables?

What's your actual business requirement?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

Hi @Ankur Bawiskar ,

 

We have functionality where we post data to the work notes of records. Currently we are posting data to incidents, cases and work orders only. But we are planning to generalize this so that a user can post data to the work notes of any table.

In the scripted REST API, as suggested by ServiceNow support, we need to use GlideRecordSecure in place of GlideRecord. GlideRecordSecure checks for table-level ACLs and field-level ACLs. And we are currently getting translated strings from the sys_translated table. Because of GlideRecordSecure I am not able to perform a read operation on the sys_translated table.

 

Thanks

@VirendraKuD 

Sorry I am still not clear on the exact requirement.
If you are planning to use GlideRecordSecure then you need field level READ and WRITE ACL on work_notes field to pass for that API user.

Create field level READ and WRITE ACL for work_notes for your table and give the role you are giving to API user.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
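
The field-level ACL approach from the reply above, as an added example (not code from the thread or from ServiceNow): handler logic for a Scripted REST resource that lets GlideRecordSecure plus explicit table-level and field-level checks decide access, so the API role needs only work_notes ACLs on the target tables rather than read/write on every table. `postWorkNote`, its parameters and the status mapping are assumptions; on the platform `SecureRecord` would be `GlideRecordSecure`.

```javascript
// Added example: handler logic for posting a work note through a Scripted REST resource.
// SecureRecord is injected so the same function runs on the platform
// (pass GlideRecordSecure) and offline (pass a test double).
// postWorkNote, its parameters and the status mapping are assumptions.
function postWorkNote(SecureRecord, table, sysId, note) {
  // Validate caller-supplied identifiers before touching the database.
  if (!/^[a-z0-9_]+$/.test(String(table)) || !/^[0-9a-f]{32}$/.test(String(sysId))) {
    return { status: 400, error: 'invalid table or sys_id' };
  }
  if (typeof note !== 'string' || note.trim() === '') {
    return { status: 400, error: 'empty note' };
  }
  var gr = new SecureRecord(table);
  // isValid() is false when the table does not exist;
  // isValidField() rejects tables that have no work_notes field.
  if (!gr.isValid() || !gr.isValidField('work_notes')) {
    return { status: 400, error: 'table has no work_notes field' };
  }
  // GlideRecordSecure does not return rows the caller cannot read,
  // so "not found" and "not readable" look the same here.
  if (!gr.get(sysId)) {
    return { status: 404, error: 'record not found or not readable' };
  }
  // Explicit table-level and field-level write checks give a clear 403
  // instead of relying on how update() treats a non-writable field.
  if (!gr.canWrite() || !gr.getElement('work_notes').canWrite()) {
    return { status: 403, error: 'write to work_notes denied by ACL' };
  }
  gr.work_notes = note; // journal field: assignment adds a new entry
  if (!gr.update()) {
    return { status: 500, error: 'update failed' };
  }
  return { status: 200, sys_id: sysId };
}
```

In a Scripted REST resource this would be called with `GlideRecordSecure` as the first argument and the table, sys_id and note taken from the request.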