Will removing the snc_platform_rest_api_access from itil users cause problems

David Field · ‎01-27-2022

I've enabled the ACL for Table API such that only users with the snc_platform_rest_api_access role can access the Table API.

All itil users inherit this role, thus allowing them to access the system via the Table API, which is not desirable.

If I remove the snc_platform_rest_api_access from itil users, will it stop anything from working?

Allen Andreas · ‎01-27-2022

Hi,

You're correct. You can remove that nested role from ITIL which would remove their ability to use the Table API. This shouldn't have any other impacts as the purpose of that role when it was introduced like 3 years ago, was to give them that access (as the rest_service role was deprecated).

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Allen Andreas · ‎01-28-2022

Hi,

Thanks for marking my reply as Helpful.

If it also helped guide you Correctly, please also mark it as Correct.

Thanks and take care! 🙂

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Jeff Boltz1 · ‎01-28-2022

It is a good idea. I like to create a group that contains snc_platform_rest_api_access, this way we can support RBAC, and have a default deny on the REST API, only allowing those explicitly granted.

You might need to tweak some of those execute ACLs to allow interactive since the platform uses REST internally on some functionality.

Reference: REST API | ServiceNow Docs