- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 05:04 AM
I have tried using a get method using an endpoint of
/api/now/table/task
I don't know what is the logic or the default filter for it, is it getting all the records of the user can access to? I thought it would be just like the /api/now/table/sn_customerservice_case endpoint which is returning the records of the users it can access to.
As I tried using a 3rd party tool with a test user that has the same role of a customer in our instance it will return many records that this user should not have access to.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 05:54 AM
Hello @Benjie Bagayna,
All ServiceNow API respects the login users access and will only return data which is permissible by the user to view.
The /api/now/table/task endpoint returns all the records from the task table that the user has access to, based on the user’s roles and ACLs. However, the task table is a parent table that contains many child tables, such as incident, problem, change_request, and so on. Therefore, the endpoint may return records from different types of tasks that the user may not expect to see.
If you want to filter the records by a specific type of task, you can use the sysparm_query parameter to specify a query on the sys_class_name field, which indicates the table name of the record. For example, if you want to get only the incident records from the task table, you can use the following endpoint:
/api/now/table/task?sysparm_query=sys_class_name=incident
You can also use other query parameters to further filter or sort the records, such as sysparm_limit, sysparm_offset, sysparm_order_by, and so on. You can find more information about how to use the REST API Explorer and the table API from this article and this article.
Hope this helps.
Kind Regards,
Swarnadeep Nandy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 05:54 AM
Hello @Benjie Bagayna,
All ServiceNow API respects the login users access and will only return data which is permissible by the user to view.
The /api/now/table/task endpoint returns all the records from the task table that the user has access to, based on the user’s roles and ACLs. However, the task table is a parent table that contains many child tables, such as incident, problem, change_request, and so on. Therefore, the endpoint may return records from different types of tasks that the user may not expect to see.
If you want to filter the records by a specific type of task, you can use the sysparm_query parameter to specify a query on the sys_class_name field, which indicates the table name of the record. For example, if you want to get only the incident records from the task table, you can use the following endpoint:
/api/now/table/task?sysparm_query=sys_class_name=incident
You can also use other query parameters to further filter or sort the records, such as sysparm_limit, sysparm_offset, sysparm_order_by, and so on. You can find more information about how to use the REST API Explorer and the table API from this article and this article.
Hope this helps.
Kind Regards,
Swarnadeep Nandy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2023 08:09 AM
Thanks for answering. One last thing since the external users can access to their cases since they can get their cases through the task table using a 3rd party tool do we need to restrict their access to it or not? As I know since the task table is a parent they can't see their cases if we restrict it right?
