Read-only service accounts for integrations

bevo
Tera Guru

I am creating OAuth API endpoints for external clients, specifically for infosec scanning and logging tools like Splunk or Palo Alto SSPM or Valence. I want to grant the respective service accounts both admin and snc_read_only roles.

However I think this blocks the ability to register the client, create the auth token, or update refresh tokens.
Should I add the oauth_credentials table to glide.security.snc_read_only_role.tables.exempt_write ?
What other tables might I need to add to allow a proper integration?

https://www.servicenow.com/docs/r/platform-administration/user-administration/c_ReadOnlyRole.html


Once the integrations have been established the records on User table would be toggled from Human to Machine.
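A small pre-flight check for the property the question is about, added here as an example that is not part of the original post and not ServiceNow code: given the current value of glide.security.snc_read_only_role.tables.exempt_write and the tables an integration has to write, it reports which tables are still missing and produces an idempotent merged value (no duplicates, no stray whitespace) that can then be pasted into the property. It assumes the property holds a comma-separated list of table names, and it uses the two table names this thread mentions (oauth_credentials, user_multifactor_auth) as constructed input; confirm the actual table names on your instance before applying anything.

```javascript
// Example helper (not from the thread, not ServiceNow API): compute what needs
// adding to glide.security.snc_read_only_role.tables.exempt_write so a
// snc_read_only service account can still write the tables an OAuth integration
// touches. Assumption: the property is a comma-separated list of table names.

const EXEMPT_WRITE_PROPERTY = 'glide.security.snc_read_only_role.tables.exempt_write';

// Constructed input: table names mentioned in this thread. Verify on your instance.
const INTEGRATION_WRITE_TABLES = ['oauth_credentials', 'user_multifactor_auth'];

// Split the property value into clean, lower-cased, de-duplicated table names.
function parseExemptList(value) {
  const seen = new Set();
  for (const raw of String(value || '').split(',')) {
    const name = raw.trim().toLowerCase();
    if (name) seen.add(name);
  }
  return [...seen];
}

// Tables the integration must write that the current property does not exempt.
function missingExemptions(currentValue, requiredTables) {
  const have = new Set(parseExemptList(currentValue));
  return parseExemptList(requiredTables.join(',')).filter((t) => !have.has(t));
}

// New property value: existing entries kept in order, missing ones appended.
// Calling this twice with its own output yields the same string (idempotent).
function mergedExemptValue(currentValue, requiredTables) {
  const existing = parseExemptList(currentValue);
  return existing.concat(missingExemptions(currentValue, requiredTables)).join(',');
}

// Constructed sample: an instance whose property already exempts one unrelated
// table, with sloppy spacing as real property values often have.
const sampleCurrent = ' sys_user_preference , OAUTH_CREDENTIALS';
console.log(EXEMPT_WRITE_PROPERTY);
console.log('missing:', missingExemptions(sampleCurrent, INTEGRATION_WRITE_TABLES));
console.log('merged :', mergedExemptValue(sampleCurrent, INTEGRATION_WRITE_TABLES));
// Inside a ServiceNow background script the same logic would read the value with
// gs.getProperty(EXEMPT_WRITE_PROPERTY) and write the merged result back with
// gs.setProperty; here it just runs on the constructed sample.
```

Run it with node; the merged string is what you would put into the property. The check is worth running again after every upgrade, since the property may be reset or a new integration may need a table the current list does not cover.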

3 REPLIES

brianlan25
Kilo Patron

I just ran into this issue and Now Support said that you cannot use the snc_read_only role if using OAuth. They didn't even bring up this system property. This sounds like it would fix the issue instead of removing the snc_read_only role.

I was just reading Valence's instructions on setting up a ServiceNow read-only service account, and they were atrocious: a custom role and 30+ custom ACLs, and I knew there had to be a better way. Started diving into the snc_read_only product docs.

bevo
Tera Guru

Found a KB article, https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0817646, that also called out user_multifactor_auth.