OAuth Global vs Application Scope: [sys_db_object] table, Expecting different list of tables
03-21-2024 02:46 PM - edited 03-21-2024 02:48 PM
I am confused about the difference between Global scope and Application scope, and what the expected restrictions are when used.
Specifically, I wish to get a list of tables using [sys_db_object] table, and I expect a different response per generated access_token with a different scope.
https://${INSTANCE_NAME}.service-now.com/api/now/table/sys_db_object
I have created two ServiceNow Applications, each with a single custom table:
- ServiceNowTestApp01, scope x_1092494_servic_0, with custom table x_1092494_servic_0_students_custom
- ServiceNowTestApp02, scope x_1092494_servic_1, with custom table x_1092494_servic_1_superstore_orders
I have created three ServiceNow OAuth Apps:
- servicenow_localhost, scope: Global
- servicenow_localhost_app_01_scope, scope: ServiceNowTestApp01 "This Application Scope Only"
- servicenow_localhost_app_02_scope, scope: ServiceNowTestApp02 "This Application Scope Only"
Switching between each of the three ServiceNow OAuth Apps when generating an access_token, I expected a different list of tables as the response from the [sys_db_object] table.
However, for each call to the [sys_db_object] table with a different access_token generated from OAuth Apps with different scope restrictions, they all had the same response:
- All base tables
- custom table x_1092494_servic_0_students_custom
- custom table x_1092494_servic_1_superstore_orders
I do not understand why this is so.
Please explain. Thank you
Localhost OAuth App with Global scope
Localhost OAuth App with Application scope ServiceNowTestApp01, x_1092494_servic_0
Localhost OAuth App with Application scope ServiceNowTestApp02, x_1092494_servic_1
03-21-2024 04:31 PM
Hi, I would expect results\visibility to be dependent on the rights of the user account that was used for the query,
and within this context the scope that holds the oauth_entity record is just an identifier for the container\app that the record belongs to.
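
One way to check this behaviour on your own instance, as an added example that is not part of the original thread: fetch [sys_db_object] once per access_token and diff the sets of table names. The function names, the `sysparm_fields=name` query and the sample response bodies are assumptions constructed for illustration; the sample mirrors the identical result the question reports.

```python
import json
import urllib.request


def fetch_table_names(instance, access_token):
    """Call the Table API on sys_db_object with one OAuth bearer token."""
    url = (f"https://{instance}.service-now.com/api/now/table/sys_db_object"
           "?sysparm_fields=name")
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_table_names(resp.read())


def parse_table_names(body):
    """Extract table names from a Table API JSON body: {"result": [...]}."""
    return {row["name"] for row in json.loads(body)["result"] if row.get("name")}


def compare_visibility(names_by_app):
    """Return (tables every token sees, tables seen only by some, per app)."""
    sets = list(names_by_app.values())
    common = set.intersection(*sets) if sets else set()
    extra = {app: sorted(names - common) for app, names in names_by_app.items()}
    return sorted(common), extra


# Constructed sample: the same body for all three OAuth apps, as the question
# reports ("incident" stands in for "all base tables").
SAMPLE_BODY = json.dumps({"result": [
    {"name": "incident"},
    {"name": "x_1092494_servic_0_students_custom"},
    {"name": "x_1092494_servic_1_superstore_orders"},
]})
SAMPLE = {app: parse_table_names(SAMPLE_BODY) for app in (
    "servicenow_localhost",
    "servicenow_localhost_app_01_scope",
    "servicenow_localhost_app_02_scope",
)}

if __name__ == "__main__":
    common, extra = compare_visibility(SAMPLE)
    print(f"{len(common)} tables visible to every token")
    for app, names in extra.items():
        print(f"{app}: {len(names)} tables not visible to all tokens")
```

Repeating the comparison with tokens issued for a second user account that has different roles shows whether the result set tracks the user or the OAuth app.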