- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2018 03:14 PM
So, I created a local ServiceNow user that has the snc_platform_rest_api_access role.
Here's the deal... if I give this URL to someone:
MYINSTANCE.service-now.com/api/now/table/incident?
sysparm_display_value=all&
sysparm_exclude_reference_link=true&
sysparm_fields=u_vsts_bug_number%2Cnumber%2Ccaller_id%2Cbusiness_service%2Cimpact%2Copened_at%2Cpriority%2Cassignment_group
and then provide them with the local api account username/password, that user can edit the URL to pull back all other fields too. Heck, they can simply type
MYINSTANCE.service-now.com/api/now/table/incident?sysparm_display_value=alland pull back all records.
So, how can I force (restrict) what they're able to pull back? I only want them to pull back the exact fields that I allow.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-28-2018 11:49 AM
I got it figured out using a scripted rest api. I have the access targeted to the exact table and fields as needed, all without having to edit/create a single ACL rule. I would share the process but it would deserve its own write-up with screenshots and code examples, but it's dynamic and can be used anywhere I need this type of functionality. Thanks for allowing me to talk this out and eventually figuring it out.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2018 03:16 PM
ACLs should still be enforced through all of this so you should just have to limit that role's read access to those fields/records with ACLs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2018 03:19 PM
That's the route I went, but so many ACL's just to poke holes is a PITA. I was hoping there was a more efficient route.
BTW... it's nice to meet you, Mark. Huge fan and long time user of ServiceNow Guru!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2018 03:28 PM
You're welcome, and it's nice to meet you as well! I agree it's a bit tedious, but that's the only way to do it with the table API.
Please mark my answer above as the correct answer if I answered your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-20-2018 03:18 PM
That is a drawback with the out of box table api. You do not have control on the endpoint, all you can do is create new acls on the table and give your api account that specific role. That is why I always prefer scripted apis.
