How to allow full table access to non-admin user.

ralph_campbell
Kilo Explorer

‎07-27-2017 01:32 PM

Hi,

We are trying to pull request information via the REST table api.

https://xxxxxxx.service-now.com/api/now/table/sc_request?sysparm_query=sys_updated_on%3C2017-07-26+1...

We have created and ACL for the user/role with full access, but some of the fields are not being returned. For example the "Number" field is missing when the query is run by a non-admin. When the query is run by a admin user all the fields are returned.   We need assistance in configuring the security/ACL for the sc_request table.

 

Thanks

Ralph

Labels:
0 Helpfuls
  • 5,854 Views
6 REPLIES 6

corina
ServiceNow Employee
ServiceNow Employee

‎07-27-2017 01:41 PM

Hello Ralph.



To be on the safe side, you can create read, write, create   for the role of the respective user ( let us say one of the roles of the user is itil) for the following:


1. sc_request for   * ( star)


2. sc_request for none


3. sc_request for number



I am exemplifying 3 of them.


Screen Shot 2017-07-27 at 22.40.49.pngScreen Shot 2017-07-27 at 22.40.17.png


Preview file
229 KB
Preview file
112 KB
0 Helpfuls

chirag_bagdai
ServiceNow Employee
ServiceNow Employee

‎07-27-2017 01:42 PM

Hi,



I don't think there is any OOB ACL on number field, I would say please check if there is any custom ACL (or you can enable debugging and impersontate intergration user) to see which ACL is stopping.


0 Helpfuls

Dave Smith1
ServiceNow Employee
ServiceNow Employee

‎07-27-2017 01:47 PM 

For example the "Number" field is missing when the query is run by a non-admin.

This would suggest there's a sc_request.number:read rule that blocks access to this user.



Check what read rules you have for that field, and add your custom role to the read rule (or create another) - you should be okay.


0 Helpfuls

Robert Webb1
Tera Expert

‎07-27-2017 01:48 PM

Ralph,


Use the security debugger to assist with access to certain table elements. Without knowing all of the ACLs you have in place for all tables involved here it would be difficult for me to say off the top of my head.



Debugging ACLs Quick Steps


  1. Log In as Admin User
  2. In the nav bar type "Debug Security Rules"
  3. Choose System Security -> Debug Security Rules
  4. Impersonate the user you want to have access
  5. Navigate to the table in question (sc_request)

Note: Make sure you don't navigate there yourself first as the ACL evaluation is cached per session and will lead to head bashing later.



Access Control Rules Debug



Hope this helps.