- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 10:27 AM
Hi Team,
I am looking for defining a new role which can access system tables, such as the following tables.
- sys_domain (Domains)
- sys_glide_object (Field class)
- sys_audit_delete (Audit Deleted Record)
- sys_db_object (Database objects)
- sys_dictionary (Dictionary Entry)
Current system property "glide.sm.default_mode" is set as Deny.
We do not want admin & snc_read_only combination.
Testing failed when we given READ *.* to all tables for a new role.
Is there any way to define new role to access these tables?
Appreciate your valuable suggestions.
Thanks & Regards,
Gee
Solved! Go to Solution.
- Labels:
-
Integrations
-
Scripting and Coding

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 10:42 AM
Two options:
Either use admin+snc_read_only like you noted above.
-or-
Create a new role for this integration and go to each table's ACL and add read-access for that role then apply it to the account doing the connection/integration with ServiceNow.
Docs: Access control rules
Docs: Contextual security
Security Best Practices - ServiceNow Wiki

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 10:29 AM
Hi Gee,
Can you provide a use case where you need access to these tables? By default, admin can access these.
Are you looking for just read-only access to these fields? I'm curious "why?"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 10:35 AM
Hi Chuck,
This requirement is for data replication and reporting purposes. Copying tables (data) from ServiceNow instance to SQL instance using SOAP. Then customers/company can use their own favorite reporting tool.
There are more system tables in the list of requirements.
Thanks & Regards,
Gee

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 10:42 AM
Two options:
Either use admin+snc_read_only like you noted above.
-or-
Create a new role for this integration and go to each table's ACL and add read-access for that role then apply it to the account doing the connection/integration with ServiceNow.
Docs: Access control rules
Docs: Contextual security
Security Best Practices - ServiceNow Wiki
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2017 12:33 PM
Hi Chuck,
When giving READ access to sys_domain table the following error message is displayed. No idea how to overcome this security warning!
Security constraints prevent access to requested page
Currently the system property "glide.sm.default_mode" is set as Deny.
Thanks & Regards,
Gee