How to define a new role which can access system tables?

gee
Tera Guru

Hi Team,

I am looking for defining a new role which can access system tables, such as the following tables.

  • sys_domain (Domains)
  • sys_glide_object   (Field class)
  • sys_audit_delete   (Audit Deleted Record)
  • sys_db_object   (Database objects)
  • sys_dictionary (Dictionary Entry)

Current system property "glide.sm.default_mode" is set as Deny.

We do not want admin & snc_read_only combination.

Testing failed when we given READ *.* to all tables for a new role.

Is there any way to define new role to access these tables?

Appreciate your valuable suggestions.

Thanks & Regards,

Gee

1 ACCEPTED SOLUTION

Two options:



Either use admin+snc_read_only like you noted above.


-or-


Create a new role for this integration and go to each table's ACL and add read-access for that role then apply it to the account doing the connection/integration with ServiceNow.



Docs: Access control rules


Docs: Contextual security  


Security Best Practices - ServiceNow Wiki


View solution in original post

7 REPLIES 7

Chuck Tomasi
Tera Patron

Hi Gee,



Can you provide a use case where you need access to these tables? By default, admin can access these.



Are you looking for just read-only access to these fields? I'm curious "why?"


Hi Chuck,


This requirement is for data replication and reporting purposes. Copying tables (data) from ServiceNow instance to SQL instance using SOAP. Then customers/company can use their own favorite reporting tool.



There are more system tables in the list of requirements.


Thanks & Regards,


Gee


Two options:



Either use admin+snc_read_only like you noted above.


-or-


Create a new role for this integration and go to each table's ACL and add read-access for that role then apply it to the account doing the connection/integration with ServiceNow.



Docs: Access control rules


Docs: Contextual security  


Security Best Practices - ServiceNow Wiki


gee
Tera Guru

Hi Chuck,


When giving READ access to sys_domain table the following error message is displayed. No idea how to overcome this security warning!


Security constraints prevent access to requested page



Currently the system property "glide.sm.default_mode" is set as Deny.



Thanks & Regards,


Gee