REST API Call

ralph_campbell · ‎07-12-2017

All,

I'm trying to pull data from the sys_audit table using the table API. How do I setup the ACL to allow the rest api user to read this table.

https://server.service-now.com/api/now/table/sys_audit?sysparm_query=sys_created_on%3C2017-07-11+22%...

response is:

{

"error": {

"detail": "2 records constrained due to ACL restrictions",

"message": "User Not Authorized"

},

"status": "failure"

}

Thanks

Justin Abbott · ‎07-12-2017

You'll need to grant the REST API user admin or configure the read ACL for the sys_audit table to allow the user to read records on the table.

Dave Smith1 · ‎07-12-2017

Justin Abbott wrote:

You'll need to grant the REST API user admin or configure the read ACL for the sys_audit table to allow the user to read records on the table.

Ouch - I'd REALLY advise against this one (although Justin's right with it being a valid, if insecure, approach).

I'd advise creating a new user with a specific new role (sys_audid_ro ..?) then adding an ACL that permits read access for this role to the [sys_audit] table.

I'd also look carefully at the nature of the data required and further restrict read access to only specific fields.

Is there any reason why you'd want to pull this data out? For auditing purposes?

ralph_campbell · ‎07-12-2017

The reason to pull data from this table is for an external tool that needs to sync up groups/user. If a group or user is deleted, the external tool needs that to process data/reports.

Dave Smith1 · ‎07-12-2017

An alternative approach is to use the platform to drive the external tool - have an event (or business rule) firing off on removal of a user/group that performs an API call to the outside source.

It won't properly sync them up; if communication to the external tool is blocked in some way then it won't receive the notification... but an additional method could provide greater reassurance of consistency between the two.