
How to fetch read roles of tables

parth2922
Tera Contributor

Hey everyone, I want to fetch the read role of the table. For example, in the case of incident, the read role is "sn_incident_read"; in the case of "change_request", the read role is "sn_change_read".

 

I have tried with "sys_security_acl_role" with operation read.

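# instance_url is the base URL of the ServiceNow instance
acl_url = f"{instance_url}/api/now/table/sys_security_acl_role"
# Filter on the related ACL record: read operation, ACL name "incident"
params = {"sys_security_acl.operation": "read", "sys_security_acl.name": "incident"}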

But it gives the below roles:

ml_report_user
ml_admin
itil
sn_incident_read

 

So, I checked, and the user with the ml_report_user and ml_admin roles does not read the incident table. So, am I missing something? Or does anyone know how to fetch only the read role?

4 REPLIES

Ankur Bawiskar
Tera Patron

@parth2922 

Just having the role is not enough. The ACL might have some condition or advanced script.

Unless the user satisfies all 3, i.e. role, condition and script, access won't be given.

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

parth2922
Tera Contributor

Hi @Ankur Bawiskar, as far as I know, conditions and scripts are used for record-level permissions, right? Currently I am finding the role from which the user can access the whole table, and for ml_admin and ml_report_user I have checked that the ACL does not have any condition and script; still, a user with ml_admin and ml_report_user does not have access to the incident.

 

@parth2922 

Nope, your understanding is wrong.

Whenever a table-level READ ACL is evaluated, everything is evaluated, i.e. role, condition and script (if any).

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
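
An added example, not part of any post in this thread and not ServiceNow's own code: one way to pull the ACL's condition and script alongside each role, so that read ACLs listing only roles are separated from those that also require a condition or script, as the reply above describes. The dot-walked field names (`condition`, `script`, `active`, `operation.name`) are assumed from the standard `sys_security_acl` schema; the sample rows and role names are constructed.

```python
from collections import defaultdict

def build_params(table):
    """Table API parameters for sys_security_acl_role, dot-walking into the ACL.
    Field names are assumptions based on the standard sys_security_acl schema."""
    return {
        "sysparm_query": f"sys_security_acl.name={table}"
                         "^sys_security_acl.operation.name=read"
                         "^sys_security_acl.active=true",
        "sysparm_fields": "sys_security_acl.sys_id,sys_security_acl.condition,"
                          "sys_security_acl.script,sys_user_role.name",
    }

def classify_read_acls(rows):
    """Group role rows by ACL and record what each ACL needs besides a role."""
    acls = defaultdict(lambda: {"roles": [], "condition": "", "script": ""})
    for row in rows:
        acl = acls[row["sys_security_acl.sys_id"]]
        acl["roles"].append(row["sys_user_role.name"])
        acl["condition"] = row.get("sys_security_acl.condition", "").strip()
        acl["script"] = row.get("sys_security_acl.script", "").strip()
    return {
        acl_id: {"roles": sorted(acl["roles"]),
                 "also_requires": [k for k in ("condition", "script") if acl[k]]}
        for acl_id, acl in acls.items()
    }

def role_only_readers(report):
    """Roles listed on at least one read ACL with no condition and no script."""
    return sorted({role for acl in report.values()
                   if not acl["also_requires"] for role in acl["roles"]})

def _row(acl_id, condition, script, role):
    return {"sys_security_acl.sys_id": acl_id, "sys_security_acl.condition": condition,
            "sys_security_acl.script": script, "sys_user_role.name": role}

# Constructed sample rows (hypothetical ACL ids and role names, not instance output)
SAMPLE_ROWS = [
    _row("acl-1", "", "", "example_itil"),
    _row("acl-1", "", "", "example_reader"),
    _row("acl-2", "active=true", "", "example_reporter"),
    _row("acl-3", "", "answer = gs.hasRole('example_admin');", "example_analyst"),
]

if __name__ == "__main__":
    report = classify_read_acls(SAMPLE_ROWS)
    for acl_id, info in report.items():
        print(acl_id, info["roles"], "also requires:", info["also_requires"] or "nothing")
    print("role-only readers:", role_only_readers(report))
```

Against a live instance, the rows would come from the `result` array returned by a GET on `/api/now/table/sys_security_acl_role` with `build_params("incident")`.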

Okay, got it. But do you know why the user with the above ml_admin and ml_read_role does not have access to the incident? There is no condition or script associated with it. Or do you have any idea how we can fetch a list of users who have access to the specific table?