- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2026 01:56 AM
Hi community,
I'm running a 403 forbidden error when trying to use an AI skill (incident summarization) published by a ServiceNow MCP server.
Scenario:
OAuth Client Credentials (with an integration user with ITIL role)
AI Skill (OOTB) requires ITIL role
Token is generated OK
I'm able to "connect" from both MCP clients (Postman and MS Copilot)
The "tool" is available
When trying to execute, 403 forbidden is the error.
Any idea? Any help is welcome.
Thanks,
Ariel
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2026 03:35 AM
Hi colleagues,
I found it. The missing role is: sn_mcp_server.viewer
Granting this role to the service account user in OAuth config (+ ITIL as required by the AI Skill) I was able to execute it (incident summarization) from Postman
Thanks for your help and I hope my finding helps you.
Ariel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2026 12:28 AM
Hi @rpriyadarshy
No records on sn_mcp_execution_logs.
So weird.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2026 12:23 AM
Hi colleagues,
An update on "my case".
I was able to make it work changing the "integration user" by "my" (admin) user; then, for me, that action confirm a missing role/s. Now I need to know which role/s are missing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2026 03:35 AM
Hi colleagues,
I found it. The missing role is: sn_mcp_server.viewer
Granting this role to the service account user in OAuth config (+ ITIL as required by the AI Skill) I was able to execute it (incident summarization) from Postman
Thanks for your help and I hope my finding helps you.
Ariel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
@arielgritti how did you exactly add the role? There is not user tied to OAUTH, just client id and secret,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago - last edited 2 weeks ago
Hi @adrian08
We're able to add the user because we switched to Client Credentials OAuth type.
Doing that, an "OAuth user" is mandatory. Usually, there is when you create an "integration/functional" user and you can add the role.
Thanks for your help and I hope my finding helps you. If true, please mark it as helpful.
Ariel
