Restrict non-interactive user to only perform post operation through API call

Bhawnad
Tera Contributor

Hi,

I have a requirement that a non-interactive user ID should only be able to create a case (POST operation) in ServiceNow via the API, and it should not be able to access (read/update/delete) any records from the case table or any other tables in ServiceNow.

Kindly advise the best possible approach to achieve this requirement. I am thinking of a scripted API.

Thanks in advance.

1 ACCEPTED SOLUTION

Tony Chatfield1
Kilo Patron

Hi, I do not think a scripted REST API resolves your requirement, and the REST API Access Policy plugin would be the best solution for this - it meets your requirement and also mitigates existing exposure via the REST API.

REST API access policies (servicenow.com)
