Security Incident - Cannot update state through REST API calls, even if I get 200 response

hattrick
Kilo Explorer

Hi,

I'm trying to update the ServiceNow Security Incident table (sn_si_incident) using API calls (through a Python client, but I tried with API Explorer too) with an integration user + client for OAuth. I can update basically everything, but I can't manage to do basically 2 things:
1) update the state of the Security Incident. Even if I get response 200, the state remains stuck at the state in which I originally opened the SIR, even if I assign the admin role to the user.
2) cannot modify SIRs assigned to other people or unassigned.

I tried debugging by observing the Transaction Log Chain, but it's not clear if it is a matter of BRs or ACLs (is there anything else that could prevent me from making these modifications?). I can't see anything wrong (to be honest I'm not very expert on this, I'm learning now). How can I observe the BRs/ACLs hit by an inbound REST API call? Any idea?

3 REPLIES

Tony Chatfield1
Kilo Patron

Hi, to clarify, you can update other fields on the record like short_description, work_notes etc?
Without any details of your message\payload it's not possible to assess the data you are sending. Perhaps you could attach a text copy of a payload that has failed so that the content of the state and assignment_group can be reviewed?

Hi,
Yes, for example, if I try to update an existing SIR, assigned to the user I'm using for the API calls (with the admin role), I have the following behaviour (I tried with both PUT/PATCH):

[screenshots]

And in the response body I can find close_code and close_notes with the correct value:

[screenshot]

But the state is still stuck on the previous state:

[screenshot]

The other case is when the SIR is assigned to another user. In this case I keep receiving 200 as the response, but no field is really updated.

Hi,

Just to close the topic: I found the issue and solved it.
It was a Dictionary Entry Override on the state that was set to Read Only and was preventing the change of it.

Thank you.
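
The failure mode in this thread (HTTP 200 while a read-only or ACL-protected field is silently left unchanged) can be caught on the client by comparing the record returned by the Table API with the payload that was sent. This is an added example, not code from the original posts; the function names, the sample state values and the sample response are constructed for illustration.

```python
import json
import urllib.request


def unapplied_fields(payload, response_body):
    """Return {field: (sent, stored)} for every field whose stored value differs from what was sent."""
    record = response_body.get("result", {})
    dropped = {}
    for field, sent in payload.items():
        stored = record.get(field)
        # Reference fields (and sysparm_display_value=all) come back as objects with a "value" key.
        if isinstance(stored, dict):
            stored = stored.get("value")
        if str(sent) != str(stored):
            dropped[field] = (sent, stored)
    return dropped


def patch_and_verify(instance_url, table, sys_id, payload, token):
    """PATCH a record through the Table API and report fields the platform did not apply."""
    fields = ",".join(payload)  # ask the API to echo back only the fields we tried to write
    url = f"{instance_url}/api/now/table/{table}/{sys_id}?sysparm_fields={fields}"
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode(),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",  # OAuth access token of the integration user
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
    )
    with urllib.request.urlopen(req) as resp:
        body = json.load(resp)
    return unapplied_fields(payload, body)


# Constructed sample: the state codes are placeholders, not real sn_si_incident choice values.
SAMPLE_PAYLOAD = {"state": "3", "close_code": "resolved", "close_notes": "Closed via API"}
SAMPLE_RESPONSE = {"result": {"state": "16", "close_code": "resolved", "close_notes": "Closed via API"}}

if __name__ == "__main__":
    # Offline demonstration: the response is a 200-style body in which only state was not applied.
    for field, (sent, stored) in unapplied_fields(SAMPLE_PAYLOAD, SAMPLE_RESPONSE).items():
        print(f"{field}: sent {sent!r}, record still holds {stored!r}")
```

A non-empty result from `patch_and_verify` on a 200 response is the signal to look at ACLs, business rules, and dictionary entries or overrides on the listed fields.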