How to fetch access control roles of tables

parth2922
Tera Contributor

‎10-12-2023 11:12 PM

Hey Everyone, I want to fetch access control roles of tables using rest API. Does anyone know how can i get the roles of tables?

 

I only want to know the minimum read role of the table. I.E. incident have sn_incident_read role.

 

Thanks.

 

0 Helpfuls
  • 3,697 Views
7 REPLIES 7

Hemanth M1
Giga Sage
Giga Sage

‎10-13-2023 11:28 AM

Hi @parth2922 ,

 

Glide "sys_security_acl_role" which gives roles associated to ACLs

HemanthM1_0-1697221686704.png

 

Accept and hit Helpful if it helps.

Thank you,
Hemanth
Certified Technical Architect (CTA), ServiceNow MVP 2024, 2025

parth2922
Tera Contributor
In response to Hemanth M1

‎10-13-2023 12:00 PM

@Hemanth M1 ,

                             Thanks for the response. Actually, I am new to ServiceNow and I am working on an automation script in which I want to fetch a user list that has read access to the specific table. Currently, I am able to fetch users with specific roles using "sys_user_has_role" table but I don't know how to fetch specific table read roles using only table_name. 

 

I have tried to fetch "sys_security_acl_role" table data but it does not provide table info and ACL name. Currently, I only have the table name and I want to fetch the read role of that table using a script.

0 Helpfuls

Jaspal Singh
Mega Patron
Mega Patron
In response to parth2922

‎10-13-2023 12:43 PM

Hi @parth2922 ,

Unsure, if I get it.

 

'Actually, I am new to ServiceNow and I am working on an automation script in which I want to fetch a user list that has read access to the specific table. Currently, I am able to fetch users with specific roles using "sys_user_has_role" table but I don't know how to fetch specific table read roles using only table_name. '

You need to create a database view for sys_user_has_role table and sys_security_acl_role  to get list of users with access to particular table

 

Unsure, if expectation is something else, altogether.

 

Hemanth M1
Giga Sage
Giga Sage
In response to parth2922

‎10-13-2023 01:08 PM

Hi @parth2922 ,

 

ok, first glide "sys_security_acl_role" as below get roles and check them against sys_user_has_role table to get users having these role

 

just FYI: this would give you all the users who have role on the read access ACLs this doesn't mean that these users  have read access beacuse if a read access ACLs has some condition script which is checking other condition lets say read access to only  member of this group wouldn't give to exact result.

 

script to get users :

 

var users =[]
var acl = new GlideRecord("sys_security_acl_role");
acl.addEncodedQuery("sys_security_acl.operation=read^sys_security_acl.name=incident")
acl.query();
while(acl.next()){
users.push(acl.sys_user_role.toString()); //list of the read roles on incident
}

//find users with this role
var accessroleUsers=[]
for(i=0;i<users.length;i++){
var roleUser = new GlideRecord("sys_user_has_role");
roleUser.addQuery("role", users[i]);
roleUser.query();
while(roleUser.next()){
accessroleUsers.push(roleUser.user.getDisplayValue()); //get users having this role
}
}
var finalList= new ArrayUtil().unique(accessroleUsers); //remove any duplicate entries 
gs.info(finalList) //this would give you the final list of users having read access (roles) on incident

output:

HemanthM1_0-1697227677851.png

 

Accept and hit Helpful if it helps.

Thank you,
Hemanth
Certified Technical Architect (CTA), ServiceNow MVP 2024, 2025