Only admins can make REST API calls with Oauth 2.0 Authorization code grant type

Go to solution
rohanlimaye
Tera Expert

ā€Ž06-22-2019 02:39 PM

Hi,

I have configured Oauth 2.0 to connect with third party Oauth provider. I can successfully get access and refresh token when I click 'Get oauth token link' from REST message.

I have wrote a business rule on Incident table to trigger the same REST message mentioned above. It triggers successfully for admin accounts but if I impersonate some user with non-admin roles the REST message do not execute.

Have you came across such scenario? Can you please help me with this issue?

 

Labels:
0 Helpfuls
  • 4,482 Views
1 ACCEPTED SOLUTION

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to rohanlimaye

ā€Ž06-23-2019 02:06 AM

Hi Rohan,

Are you able to get the OAuth access token with the non-admin user session?

The ACL on the oauth_credential table might be causing this issue. Try adding a read ACL on the table and provide the role who needs this access to call and you should be able to test it.

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
āœØ Certified Technical Architect  ||  āœØ 9x ServiceNow MVP  ||  āœØ ServiceNow Community Leader

View solution in original post

5 REPLIES 5

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron

ā€Ž06-22-2019 02:45 PM

Can you post your business rule?

Are you passing the client secret and token while sending your request?


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls

Go to solution
rohanlimaye
Tera Expert

ā€Ž06-23-2019 12:42 AM

Please see attached script include which triggers REST message. My business rule calls this script include on Incident update. 

When I put log statements they run till r.executeAsync() but gets stuck at this line.

Does user making REST call need to have read access to oauth_credential table? That is the only place where I can see roles coming into picture. Where admins can access the data in the table and other can't.

Preview file
39 KB
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to rohanlimaye

ā€Ž06-23-2019 02:06 AM

Hi Rohan,

Are you able to get the OAuth access token with the non-admin user session?

The ACL on the oauth_credential table might be causing this issue. Try adding a read ACL on the table and provide the role who needs this access to call and you should be able to test it.

Mark Correct if this solves your issue and also mark Helpful if you find my response worthy based on the impact.
Thanks
Ankur

Regards,
Ankur
āœØ Certified Technical Architect  ||  āœØ 9x ServiceNow MVP  ||  āœØ ServiceNow Community Leader

Go to solution
rohanlimaye
Tera Expert
In response to Ankur Bawiskar

ā€Ž06-23-2019 08:23 AM

As I suspected it is the read ACL on oauth_credential table not allowing non-admin user to read the access or refresh token hence failing to make REST API call.

0 Helpfuls