Is it possible to make REST API calls without ITIL role

Go to solution
ethanballinger
Kilo Explorer

‎11-30-2016 07:43 AM

We are currently trying to make several calls through the REST Table API. We keep running into ACL issues with our users. Currently we are using the rest_service and web_service_admin role as defined in the documentation here: REST API - ServiceNow Wiki. We haven't added any ACLs that should impact access by using these roles.

We are hoping to accomplish a few general tasks:

1) Create incident

2) Update incident (add comment and close incident)

3) Read incident, company, knowledge base records

I've seen several suggestions to add ITIL, but we are trying to avoid doing this. Is ITIL required to perform these operations?

0 Helpfuls
  • 4,776 Views
1 ACCEPTED SOLUTION

Go to solution
mmongeau
Giga Guru

‎11-30-2016 04:31 PM

The ITIL role is not required, but you will need to creates ACLs to grant access to some of those operations for users with the rest_service role.  



Create Incident (ACL create/record) already has an ACL that allows any user to create an Incident to no change is required there.


Update Incident (ACL write/record) will require a new ACL since the existing ones only allow update if you are the incident creator or have the ITIL role.


You'll have to check the ACLs for the other operations to determine which ones need new ACLs for the rest_service role.



I like to create new ACLs rather than update existing ones.   It makes it easier to disable later if necessary.



  Michael


View solution in original post

4 REPLIES 4

Go to solution
mmongeau
Giga Guru

‎11-30-2016 04:31 PM

The ITIL role is not required, but you will need to creates ACLs to grant access to some of those operations for users with the rest_service role.  



Create Incident (ACL create/record) already has an ACL that allows any user to create an Incident to no change is required there.


Update Incident (ACL write/record) will require a new ACL since the existing ones only allow update if you are the incident creator or have the ITIL role.


You'll have to check the ACLs for the other operations to determine which ones need new ACLs for the rest_service role.



I like to create new ACLs rather than update existing ones.   It makes it easier to disable later if necessary.



  Michael


Go to solution
srinivasthelu
Tera Guru

‎11-30-2016 04:47 PM

@Michael, is right.



Who ever gives you that suggestion, they meant to save some efforts, but that is definitely not the best way.




The rule is , User has to satisfy api level access + resource access .





Thanks


Srinivas


0 Helpfuls

Go to solution
ethanballinger
Kilo Explorer

‎12-01-2016 11:01 AM

Thanks. I was able to add an ACL on the incident table for the role my API is using and it resolved the issue.


0 Helpfuls

Go to solution
maroon_byte
Mega Sage

‎12-05-2019 01:23 PM

I did try the same: Created a custom role, assigned custom role to the integration user & created ACL on change request table to read and write\update. But the integration ID was not able to update the Change Request (work notes). (I am trying to avoid but) As soon as I either assigned ITIL role to the user or added the integration ID to the change request assignment group, it started to work.

Let me know if setup for Table API access on Change Request can be done without using ITIL role.

0 Helpfuls