READ ONLY acess to ServiceNow tables

jameslambros · ‎02-24-2016

I have created an account (websvcusr).

This account has roles (web_service_admin and rest_service).

I would like to give the websvcusr account READ ONLY access to all of our tables...however the only way I have found to do this is by creating an ACL for each table granting READ access for the following condtion:

gs.hasRole('web_service_admin') && gs.hasRole('rest_service');

Is there any other way to give this account READ ONLY access other than having to create and ACL for each table?

Mike Patel · ‎02-24-2016

You can add "snc_read_only" and "itil" Roles to user account. That will give websvcusr same access itil user but read only.

View solution in original post

Mike Patel · ‎02-24-2016

You can add "snc_read_only" and "itil" Roles to user account. That will give websvcusr same access itil user but read only.

Community Alums · ‎02-24-2016

That is an interesting approach; if the 'snc_read_only' role does not exist as an entry on the table, though, will it still operate in the way you've mentioned?

The description for this role is:

Users with the snc_read_only role are prevented from creating, updating, or deleting records in the database. The read access is determined by ACLs.

Would you still need to add this role to the read operation on the table? Of course, with the itil role, a user can read most tables by default, but would that not incur a license cost?

Mike Patel · ‎02-24-2016

No, You don't have to add this role to any table. you can add itil role so if itil role has access to tables then user will also have access to it and snc_read_only will override it to read only

Community Alums · ‎02-24-2016

I just tested this, and it appears to work as explained. If the account has just itil, it can create a record. If it also has the 'snc_read_only' role, it can read (GET), but not create (POST).

Thanks for posting this, I didn't even know that existed!

Cheers,

Tim