Does user with "rest_service" role have access to all tables in service now? Can they create and records to each of the tables?

quiksilver
Mega Guru

We were planning to provide rest api to customers so they can create / and read tickets for their company but was worried if they would have access to other service now tables? 

If yes, Is there a setting I can used to turn this off? or Do I have to create ACL for each table to prevent access? 

Alikutty A
Tera Sage

Hello,

rest_service role was used in the previous releases for granting access and no longer used. We do not require any roles to access the REST API's. The only thing required is a valid user id and password. As long as you pass the table level ACLs. a user id can access the table data. There are also certain additional security that can be enforced upon the REST like the default ACLs in scripted REST APIs or ACLs at API level.

Thanks!

quiksilver
Mega Guru

Thanks for your reply Ali, 

 

So if Want to secure my other table, do i need to created scripted rest? and not use table api ? 

 

But if I give a username password to customer, they can still access other tables right? Is there any way to stop this ?

Yes they can access tables as long as the ACLs allow them to do it. They could even access the data from UI as the ACLs wont prevent them from doing so, so why restricting on a web service level? If you need to restrict then you should do it at both places. I do not think it can be stopped as basic authentication is required for access and this is a part of its design

 

quiksilver
Mega Guru

Hi Ali,

 

are you familiar with this ? 

 

https://docs.servicenow.com/bundle/london-application-development/page/integrate/inbound-rest/concep...

 

will this help my issue if I use this ? or no need ? 

 

quik