ACL on table API and Cart API

rambo1
Tera Guru

‎01-19-2025 05:01 AM

HI Team, 

 

I need only set of users (with 'x' custom role) to be able to access TABLE API for all tables except incident and event table for 'post,put,patch' methods.

I know there is a ootb ACL which is inactive , it can be activated a 'x' role can be added to it but it affects all tables. How do I remove incident and event table ? I am stuck in adding condition to not to apply to incident and event table in the below ACL.

or is there any other way ?

Also I need 'Cart api' to be access only by set of user ('y' custom role), how to achieve this ?

Uses of activating OOB 'Table API' ACL. - Support and Troubleshooting - Now Support Portal

0 Helpfuls
  • 771 Views
5 REPLIES 5

Kieran Anson
Kilo Patron

‎01-19-2025 05:11 AM

Hi,

Switch to using the newer REST API Access Policies as they allow you to control granular access.

 

Ankur Bawiskar
Tera Patron
Tera Patron

‎01-19-2025 06:46 AM

@rambo1 

for all tables except incident and event? which other tables are you talking about?

You will have to ensure you have table level UPDATE, CREATE correct ACL so that only users to whom you want to give access create the records via Table API

What's your requirement around cart API?

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

rambo1
Tera Guru
In response to Ankur Bawiskar

‎01-19-2025 11:06 PM

In article I have given , there is OOTB acl for table API but thats for all tables which are going to use table API.

So incident and event also uses table API, when I do some customization on that ACL , its should not impact  incident and event when someone uses table api to create records in incident and event.

Coming to cart api, only specific role users should be able to access cart api.

0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to rambo1

‎01-19-2025 11:20 PM

@rambo1 

since it's an OOB ACL I won't recommend updating that.

If you update then it will impact other tables as well since the OOB ACL might be used by other tables as well

Cart API is an OOB API. I don't think you can restrict that

1 thing you can do is validate using before insert BR on REQ AND RITM table and see if REQ and RITM is getting submitted by correct role user if it comes from API

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls