File-based discovery - credentials and permissions
03-03-2025 05:21 AM
Hi,
For file-based discovery, what permissions are required for the ID used for discovery in ITOM? I understand file-based discovery happens in the last phase of horizontal discovery, but will the same ID/permissions that were used to scan the device be sufficient?
03-03-2025 05:41 AM
Indeed, buddy. During the Exploration phase of Horizontal Discovery, File-Based Discovery (FBD) is used to gather detailed data by reading logs, configuration files, or system information from remote devices.
FBD might not always work with the same credentials that were used to scan the device. Additional permissions may be needed based on the operating system and file access on the system.
- Ensure file read permissions for configuration files, logs, and system details.
- Use sudo for Linux and admin shares for Windows if non-root credentials are used.
- For cloud, ensure API and storage access permissions are configured correctly.
✍️ Example: If ServiceNow Discovery is scanning a Windows server and needs to read a configuration file, the account must have read permissions on the shared folder...
03-03-2025 10:04 AM
Hi @Ashwin27,
File-based discovery is part of the exploration phase in horizontal discovery. It collects detailed data by reading configuration files, logs, or system information from remote devices. The permissions required for the ID used in file-based discovery depend on the operating system and the type of files being accessed.
For general permissions, the credentials used for file-based discovery must have read access to the required configuration files, logs, and system details. If the same credentials used for scanning the device (such as during the classification phase) have sufficient permissions, they can also be used for file-based discovery. However, additional permissions may be required depending on the specific files being accessed.
For Windows systems, the account must have access to admin shares (like C$) to read files. If non-admin credentials are used, the account must have explicit read permissions for the target files or directories. For Linux or Unix systems, a sudo-enabled account with NOPASSWD privileges is recommended for commands like cat, ls, and grep to access files. The account must also have read permissions for files such as /etc/release, /var/log/, and other configuration files.
In cloud environments, ensure the credentials have API access and storage permissions to retrieve file data.
According to ServiceNow documentation (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0813350), file-based discovery requires credentials with file read permissions for the target system. For Windows, admin shares or specific folder permissions are necessary, while for Linux, sudo access is recommended for non-root accounts.
To ensure smooth discovery, it’s a good idea to test credentials using the Credential Test feature in ServiceNow. This helps verify that the credentials can access the required files. Credentials should also be stored securely in the Credential Store and encrypted. Reviewing discovery logs can help identify any permission-related errors during the file-based discovery phase.
For example, if ServiceNow Discovery is scanning a Windows server and needs to read a configuration file, the account must have read permissions on the shared folder or admin share where the file resides. For Linux, if the file is located in /etc, the account must have read access to that directory, and sudo may be required for certain files.
Additional resources that might help include the Discovery Credentials Requirements List (https://www.servicenow.com/community/itom-forum/discovery-credentials-requirements-list/m-p/2646885), the File-Based Discovery Support Article (https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0813350), and ITOM Discovery Best Practices (https://www.servicenow.com/community/itom-forum/itom-discovery-best-practices-for-linux-servers/m-p/...).
By ensuring the credentials meet these requirements, file-based discovery can be performed successfully without encountering permission issues.
If you believe the solution provided has adequately addressed your query, could you please **mark it as 'Helpful'** and **'Accept it as a Solution'**? This will help other community members who might have the same question find the answer more easily.
Thank you for your consideration.
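As an added example (not from any post above and not ServiceNow code), the shell function below audits `sudo -l` output for a Linux discovery account and flags any NOPASSWD grant broader than the commands named in the thread (cat, ls, grep). The account name `svc_disco`, the host name `host01`, the binary paths and both sample listings are constructed assumptions.

```shell
#!/bin/sh
# Added example: check that a discovery account's NOPASSWD sudo grants are
# limited to the read-only commands named in the thread.
ALLOWED="cat ls grep"   # command basenames; adjust to what your patterns run

# audit_sudo_listing: reads `sudo -l -U <account>` text on stdin.
# Prints one "ok <cmd>" or "broad <cmd>" line per NOPASSWD entry.
# Returns 0 = all entries allowed, 1 = a broader grant exists,
#         2 = no NOPASSWD grant found (password-required grants are ignored).
audit_sudo_listing() {
    found=0; broad=0
    while IFS= read -r line; do
        case $line in *NOPASSWD:*) ;; *) continue ;; esac
        found=1
        rest=${line#*NOPASSWD:}
        # Walk the comma-separated command list on this line.
        while [ -n "$rest" ]; do
            entry=${rest%%,*}
            case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
            entry=${entry#"${entry%%[! ]*}"}   # trim leading spaces
            cmd=${entry%% *}                   # drop any arguments
            [ -n "$cmd" ] || continue
            base=${cmd##*/}
            case " $ALLOWED " in
                *" $base "*) printf 'ok %s\n' "$cmd" ;;
                *) printf 'broad %s\n' "$cmd"; broad=1 ;;
            esac
        done
    done
    [ "$found" -eq 1 ] || return 2
    return "$broad"
}

# Constructed sample listings (not captured from a real host).
SCOPED_SAMPLE='User svc_disco may run the following commands on host01:
    (root) NOPASSWD: /bin/cat, /bin/ls, /bin/grep'
BROAD_SAMPLE='User svc_disco may run the following commands on host01:
    (ALL) NOPASSWD: ALL'

printf '%s\n' "$SCOPED_SAMPLE" | audit_sudo_listing || echo "review needed"
printf '%s\n' "$BROAD_SAMPLE"  | audit_sudo_listing || echo "review needed"
```

On a real host, pipe `sudo -l -U svc_disco` (run as root) into `audit_sudo_listing` instead of the samples.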