Is there a read-only role available for the sys_dictionary table in ServiceNow?

Onlyprashant · 3 weeks ago

I want to use dictionary information (like field definitions) in my scoped application, but I don’t want to grant elevated permissions that allow updates to the dictionary. Is there an out-of-the-box role for read-only access to the sys_dictionary table, or would I need to create a custom role for this purpose?

#scopedApplication #table

M Iftikhar · 3 weeks ago

Hi @Onlyprashant,

No, there is not a standard, out-of-the-box role designed specifically for read-only access to the sys_dictionary table. Roles that typically have access to the dictionary, such as personalize_dictionary and admin, also include write permissions, which is more than what your scoped application requires.

The best and most secure practice is to create a custom role for your application. You can then create a new read-operation Access Control List (ACL) on the sys_dictionary table and assign your custom role to it. This approach follows the principle of least privilege by granting your application only the precise permissions it needs to function without exposing the system to unnecessary risks

Hope this helps!

Thanks & Regards,
Muhammad Iftikhar
If my response helped, please mark it as the accepted solution and helpful so others can benefit as well.

Onlyprashant · 3 weeks ago

Hi @M Iftikhar ,

Thanks for your detailed explanation!

One concern I have is that since we’re working within a scoped application, creating a new ACL on an OOB (out-of-the-box) table like sys_dictionary would typically get flagged during certification. Given that, how can we best approach this scenario without violating certification guidelines?

Is there an alternate approach that allows us to maintain read-only access to the dictionary for the scoped app while still adhering to best practices?

Appreciate your insights, and thanks again for your guidance!