Integration user role snc _ platform _ rest _ api _ access

Yasin Shaik11 · ‎02-12-2023

Hi All,

Need help.

If we can give the role---> snc _ platform _ rest _ api _ access to the integration user what type of operations that user can perform. Please explain me.

Thanks in advance.

Shubham_Shinde · ‎02-13-2023

Hello @Yasin Shaik11 ,

A little confusion there, let me explain more clearly:
If you have Table API ACL activated in your instance only then you'll have to assign the role snc_platform_rest_api_access. Now, even after assigning this role, you will have to assign the "it_project_manager" and "it_program_manager" roles to the user to give him access to the designated Tables as snc_platform_rest_api_access will only give him access to use API.
But, if in case this ACL is Inactive in your instance then you can directly give "it_project_manager" and "it_program_manager" roles to the user/group without assigning him the snc_platform_rest_api_access role.

Summary: In both the cases you'll have to assign "it_project_manager" & "it_program_manager " roles to the user.

Hope this will clear some picture for you! 🙂

If my answer has helped with your question, please mark it as correct and give it a thumbs up!

Regards,

Shubham

View solution in original post

Shubham_Shinde · ‎02-13-2023

Hello @Yasin Shaik11 ,

Table API ACL is an oob ACL present in Access Control (ACL) table and it is a generic ACL and not related to any specific table.

If my answer has helped with your question, please mark it as helpful and give it a thumbs up!

Regards,

Shubham

Yasin Shaik11 · ‎02-13-2023

@Shubham_Shinde Thanks I got it.

Actually my client wants to give the it_project_manager & it_program_manager to the integration user. is this best to give these roles directly ? If not please advise me what is the good approach ?

Thanks in advance.

Shubham_Shinde · ‎02-13-2023

Hello @Yasin Shaik11 ,

Yes, if you want your integration user to have access related to those mentioned roles then you can add them to the user or if you have a group containing those roles then you can add your integration user to that particular group. Coz, as suggested by ServiceNow it's a best practice to assign roles to Group rather than directly assigning them to a user.

If my answer has helped with your question, please mark it as correct and give it a thumbs up!

Regards,

Shubham

Yasin Shaik11 · ‎02-13-2023

@Shubham_Shinde Good explanation Thanks.

As per my understanding I have two options here

1. By granting the direct roles like it_project_manager & it_program_manager to do Get&PUT&POST & Delete

2. As you said in above same can be done through snc _ platform _ rest _ api _ access Role by activating the Table API ACLs to perform the Get&PUT&POST & Delete.

If I am wrong , Please correct me here.

Shubham_Shinde · ‎02-13-2023

Hello @Yasin Shaik11 ,

A little confusion there, let me explain more clearly:
If you have Table API ACL activated in your instance only then you'll have to assign the role snc_platform_rest_api_access. Now, even after assigning this role, you will have to assign the "it_project_manager" and "it_program_manager" roles to the user to give him access to the designated Tables as snc_platform_rest_api_access will only give him access to use API.
But, if in case this ACL is Inactive in your instance then you can directly give "it_project_manager" and "it_program_manager" roles to the user/group without assigning him the snc_platform_rest_api_access role.

Summary: In both the cases you'll have to assign "it_project_manager" & "it_program_manager " roles to the user.

Hope this will clear some picture for you! 🙂

If my answer has helped with your question, please mark it as correct and give it a thumbs up!

Regards,

Shubham