PUT Table REST API to update read-only field

samw1 · ‎01-27-2016

Hi, I am brand new to ServiceNow so just checking if the behavior below is by design and any workaround... Many thanks in advance.

I am making a PUT Table API call to update a field in my custom application. The status code returned is 200 so I thought it was successful. Though upon reviewing the record, the value didn't change. After hours of trial-and-error, I finally figured out the reason the value didn't change is because the field is configured as "read-only" in the form. Once I remove the "read-only" attribute, the API started to work as expected. I added sysparms_fields to the API call to return the value to verify if it was updated successfully. Though I have to change the field back to "read-only" before publishing. So questions:

1. I can see why the PUT API didn't update a read-only field. Though is the status code of 200 (success) the status code I should expect even if the update didn't happen? This is the same status code if the operations successfully updated the value.

2. What are the options to workaround this? UI Policy to read-only for everyone except for the role to call API?

Thank you.

venkata_koya · ‎01-29-2016

1. How to enable read-only of particular column for certain users.

- Easy way is to create ACL on particular field for write, create operations which will avoid modifying field and you can open up that field to API user

samw1 · ‎01-31-2016

Hi Venkat,

Thanks for the response and tip. Will experiment with the following:

Create an ACL for write and create operations on the specific field and assign this ACL to my application's role that is granted to all application users.
Create another ACL that have full access to the specific field and only assign this ACL to the role that is granted to the credential for call the PUT (update) API

This approach will make the field Read-Only to all application users, but the PUT API will still be able to change the value of the field.

Correct? Is this aligned with your idea?

Thanks again,

-Sam

Am_d_e Potier · ‎02-21-2023

Hi Sam,

we are stuck on this exact point that you raised 5 years back! If your memory is always good, would you mind sharing the details on 'Create another ACL that has full access"

What is full access ? Obviously, adding the Create and Write is not sufficient. If the Field is Read Only, then it won't work... please help.

thanks in advance for the (long) continued support 🙂

Cheers,

Amédée

samw1 · ‎02-26-2016

I finally got around to try Venkata's idea. Given I am a new to ServiceNow, it took some experimenting but the suggestion definitely sent me down the right path. Steps below for the new comers like me...

1. Change the default role created for my module/application to have read only access to the specific field. This role is assigned to all interactive users.

2. Add a new role that "contains" the module/application role from step 1. (i.e. parent role) and grant this role "write" access to the specific field.

3. Assign the role created in step 2 (with write access to the field) to the account that I use to call the API

Now, to the other question in my original post, you will get a success status code even though you don't have write access to a field when you call PUT Table API to update it. The work around for me is to request for the API to return the value from the API call using the "sysparm_field" parameter. Example below. This allows my business logic to determine whether the value was actually updated to what was expected.

PUT : https://<server>/api/now/table/<table>/<sys_id>?sysparm_fields=updatefield1,updatefield2