Service Now API roles and permissions web_service_admin, rest_api_explorer insufficient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2020 05:47 AM
We are curious around what Permissions and Roles apply in ServiceNow when using the public APIs. As per service now product and community documentation following roles should be sufficient: web_service_admin, rest_api_explorer to call the APIs, but we have been running into issues with this.
- To get a list of metadata objects we query sys_db_object to fetch all the metadata objects in a service now account. This works successful with the roles defined (web_service_admin, rest_api_explorer
- To get subfields on a particular metadata object, we query the sys_dictionary object with the name of the object and its parents (if any). This only works with Admin role assigned to the user calling the ÁPI.
Is there a workaround given that the suggested documented roles do not work as per documentation?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2020 05:54 AM
Hi Martin,
web_service_admina and rest_api_explorer are least roles required for API calls. In addition you need to give roles required to interact with the target table. For example, if you are iteracting with import sets then Import admin etc.
Hope that helps!
Regards,
Muhammad
Muhammad
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2020 06:37 AM
Hi,
The OOTB one is bit crazy that it won't support until you give all the permissions to reference fields as well.
Please use these Roles as well. This will make sure that the Service Account that you are using have Read only access to all the table.
- admin
- snc_read_only
Note: Even though if you give admin role, that service account only gets the read only access.
Thanks,
Narsing
