Table API - restrict to Read only

Jordan Alcock
Tera Contributor

Hi Everyone,

Wondering if anyone has any suggestions on methods to restrict specific methods on specific APIs.

For example, we would like to provide Read access on all table APIs, but restrict write access to just the import set APIs (and others later perhaps). I've seen the OOB table API ACLs, but they restrict the ability to execute, not specific methods.

We have thought about building out a role that would be restricted to read, but it seems like we would be building a pretty complicated ACL by the time we accounted for everything we wanted access to. And it doesn't seem very scalable.

If anyone has run into this kind of thing before and has any advice, it would be much appreciated!

1 ACCEPTED SOLUTION

The only way is using ACLs. Create a write/create ACL and restrict the users from creating/updating records.

6 REPLIES

sachin_namjoshi
Kilo Patron
I have run into this kind of situation.

I built a scripted REST API and controlled access to the API using the endpoint.

Please see the link below for more detail on the scripted REST API.

https://docs.servicenow.com/bundle/kingston-application-development/page/integrate/custom-web-services/reference/r_CustomWebServiceSecurityMatrix.html

Regards,

Sachin

Jordan Alcock
Tera Contributor

Thanks Sachin,

Unfortunately, this wouldn't let me restrict the users from using the table APIs for PUT/POST. Ideally we would let users GET from the table API so they could access the data, but restrict any PUT/POST to import set/scripted APIs. I haven't seen a scalable way to accomplish that yet 😞

The only way is using ACLs. Create a write/create ACL and restrict the users from creating/updating records.

Jordan Alcock
Tera Contributor

Update:

We haven't found an easy way around this that can scale - I think it would be great to have specific method restrictions available on a per-table/per-role basis. If only for the table APIs. I'll submit an enhancement request one of these days 🙂

Thanks everyone for the suggestions!