Unable to fetch proper roles of table

parth2922
Tera Contributor

‎10-16-2023 11:10 PM - edited ‎10-16-2023 11:15 PM

Hello Everyone, 
                          Currently, I am fetching table read roles with "sys_security_acl_role" and i pass the argument "operation" as read and "name" as table name
acl_url = f"{instance_url}/api/now/table/sys_security_acl_role"
params = {"sys_security_acl.operation": "read", "sys_security_acl.name": incident}
 
But in the response i got multiple roles as below:
ml_report_user
ml_admin
itil
sn_incident_read
 
So, here sn_incident_read is correct as the user with sn_incident_read has access to read the table but why i am getting ml_report_user, ml_admin, and itil where ml_report_user, ml_admin does not have read access to the table. 
 
Does anyone know how can i fetch only roles that have read access to the table only?
0 Helpfuls
  • 742 Views
5 REPLIES 5

Anand Kumar P
Giga Patron
Giga Patron

‎10-16-2023 11:30 PM

Hi @parth2922 ,

sys_security_acl_role table stores information about roles associated with ACLs, but it doesn't explicitly indicate whether the role has read access to the specific table.To fetch only the roles that have read access to a specific table in ServiceNow, you should first find the Access Control List table sys_security_acl associated with the table and then query the sys_security_acl_role table to get roles associated with that specific ACL. This will give you a list of roles that have read access to the table, excluding those without such access.
Please mark it as helpful and solution proposed if it works for you.

 

Thanks,

Anand

parth2922
Tera Contributor
In response to Anand Kumar P

‎10-16-2023 11:50 PM

Hello @Anand Kumar P , In the argument I have checked the same thing I set sys_security_acl.operation = read and sys_security_acl.name = table_name, So, if I follow the above steps I get the same result.

0 Helpfuls

parth2922
Tera Contributor
In response to Anand Kumar P

‎11-07-2023 02:24 AM - edited ‎11-07-2023 02:24 AM

Is there any way to filter out more, I have checked with sys_security_acl.operation = read and sys_security_acl.name = table_name. It gives above result.

0 Helpfuls

Tai Vu
Kilo Patron
Kilo Patron

‎10-16-2023 11:35 PM

Hi @parth2922 

These 2 roles ml_report_user and ml_admin come from the below ACL.

URL: https://<instance_name>/sys_security_acl.do?sys_id=546553d487300300b309452c97cb0b3f

 

The response you received is correct due to this plugin "Predictive Intelligence [com.glide.platform_ml]"

Since the plugin above activated, the ACL will be installed accordingly.

 

And below is the URL for tour API call.

URL: https://<instance_name/sys_security_acl_role_list.do?sysparm_query=sys_security_acl.operation%3Dread...

 

Let me know if it works for you.

 

Cheers,

Tai Vu