Role for integration user

Samantha Sam
Tera Contributor

‎05-14-2020 09:00 PM

Hi,

I am using 2 instances for integration.

On Instance 1, I created a Rest message with Basic auth profile of an end user.(NO roles for this end user).

On Instance 2, for the scripted REST API, this ACL 'Scripted REST External Default', where it mentions 'snc_platform_rest_api_access' role is needed to execute the rest end point has been tagged.

 

From instance 1, When I used the POST method to create incident in Instance 2, its working fine.

So are roles not required for this integration profile?

I was under the impression that 'snc_platform_rest_api_access' / itil role should be given, but thats not the case.

or is there any issue with ACL.

0 Helpfuls
  • 6,044 Views
7 REPLIES 7

DirkRedeker
Mega Sage

‎05-14-2020 09:25 PM

HI

It depends on the target machine, where roles are needed.

If no roles are needed on your REST Endpoint, everybody can use it.

THink about it: A REST Endpoint is not only possible to consume by ServiceNow, but alos by any other (Web) Application with access. I just depends on HOW the user/machine logs in to the REST machine, and NOT on which access rights "one" has on the source "system" (which is ServiceNow Instance 2 in your case).

So, to make your REST Endpoint safe, you need to make sure that "One" needs to authenticate for access.

Does that makes sense to you?

Let me know, if that answers your question and mark my answer as correct/helpful

BR

Dirk

0 Helpfuls

Samantha Sam
Tera Contributor
In response to DirkRedeker

‎05-15-2020 12:38 AM

Hi Dirk,

On Instance 2, I can see this ACL 'Scripted REST External Default', where it mentions 'snc_platform_rest_api_access' role is needed to execute the rest end point.

this ACL is tagged to the scripted rest API in instance 2.

Still end user is able to execute API.

0 Helpfuls

DirkRedeker
Mega Sage
In response to Samantha Sam

‎05-17-2020 10:00 AM

Hi

WHat are the versions of the two instances?

BR

Dirk

0 Helpfuls

DirkRedeker
Mega Sage
In response to Samantha Sam

‎05-17-2020 10:06 AM

Hi

Did you check the both options (marked yellow in the screenshot below) on the "Scripted Rest Resource" form for your Scripted Rest API (see screenshot below):

You can find them by opening the records in the Related List "Resources" of the "Scripted Rest Service" form

find_real_file.png

 

For more details on how these switches work, refer to the docs page on:

https://docs.servicenow.com/bundle/madrid-application-development/page/integrate/custom-web-services...

 

Let me know.

BR

Dirk

Preview file
79 KB
0 Helpfuls