- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 01:44 PM
Hi, I would like to check if a ServiceNow user has enough roles and access controls to create event in em_event table. I wonder if I can use this GET REST API to find out:
https://devxxxx.service-now.com/api/now/table/em_event?sysparm_limit=1
The purpose is to check first, then use the following POST REST API to create events in em_event table:
/api/global/em/jsonv2
Since the POST API is not a table API, I concern if the GET API is correct. Please advise. Thanks!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 01:46 PM
To check if a ServiceNow user has sufficient roles and access controls to create events in the `em_event` table, the **GET** API request you're using may not be the best option. The **GET** API only checks if the user has read access, but doesn’t guarantee create permissions for the POST request.
Here’s a better approach:
1. **Use the GET API with sys_metadata privileges**: Check the user’s access using a `GET` request to the `sys_user_has_role` table to confirm if the user has the necessary roles for creating events.
```bash
GET https://devxxxx.service-now.com/api/now/table/sys_user_has_role?sysparm_query=user=<user_id>^role=<required_role>
```
2. **Validate Access via the POST API**: Instead of just relying on a `GET` from the `em_event` table, you could test your user’s permissions directly by attempting a **POST** with a test event in `em_event` using the `/api/global/em/jsonv2` endpoint. If the call fails, you'll know the user doesn’t have the required permissions.
3. **Use Glide System Functions (if testing manually)**: Alternatively, if testing in a script, you can use ServiceNow's `GlideRecord` or `gs.hasRole()` to check if the user has the required role(s) for event creation.
This will give you a more accurate validation of create permissions than simply relying on a **GET** API call.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 01:46 PM
To check if a ServiceNow user has sufficient roles and access controls to create events in the `em_event` table, the **GET** API request you're using may not be the best option. The **GET** API only checks if the user has read access, but doesn’t guarantee create permissions for the POST request.
Here’s a better approach:
1. **Use the GET API with sys_metadata privileges**: Check the user’s access using a `GET` request to the `sys_user_has_role` table to confirm if the user has the necessary roles for creating events.
```bash
GET https://devxxxx.service-now.com/api/now/table/sys_user_has_role?sysparm_query=user=<user_id>^role=<required_role>
```
2. **Validate Access via the POST API**: Instead of just relying on a `GET` from the `em_event` table, you could test your user’s permissions directly by attempting a **POST** with a test event in `em_event` using the `/api/global/em/jsonv2` endpoint. If the call fails, you'll know the user doesn’t have the required permissions.
3. **Use Glide System Functions (if testing manually)**: Alternatively, if testing in a script, you can use ServiceNow's `GlideRecord` or `gs.hasRole()` to check if the user has the required role(s) for event creation.
This will give you a more accurate validation of create permissions than simply relying on a **GET** API call.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-04-2024 06:50 PM
Hi @sadif_raja , thank you very much for your reply. The options are very helpful. I will experiment 1 and 2.
3 is not applicable to my case because the work is in java, no script, but it is really good to know.
Thanks!
