To restrict the Service Account to read only the tasks assigned to specific groups
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2025 03:30 AM
We've created new service account, role and created ACL to grant read-only access to incident/problem/change/Requested item table. Currently, the account can pull all records, but we need to restrict it to only pull tasks assigned to a specific group.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2025 04:04 AM
Hi @DeepikaRT
If that service account is being used by a third-party application, then share an API that provides access only to records belonging to a specific group.
In the Table API encoded query, add the filter condition "assignment_group=<sys_id of the group>".
Regards,
Siva
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2025 04:27 AM
you will have to ask 3rd party team to add encoded query for group.
But what if they don't give encoded query they will see everything.
You can't control this using Table API.
So I recommend using scripted REST API and you can use GlideRecord in that and restrict and give the API response accordingly.
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a month ago
Hope you are doing good.
Did my reply answer your question?
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
a month ago
Thanks for your input. I tried applying a data condition in the ACL and tested it in Postman, but it's returning empty results.