Does user with "rest_service" role have access to all tables in service now? Can they create and records to each of the tables?

Go to solution
quiksilver
Mega Guru

‎05-21-2019 05:44 PM

We were planning to provide rest api to customers so they can create / and read tickets for their company but was worried if they would have access to other service now tables? 

If yes, Is there a setting I can used to turn this off? or Do I have to create ACL for each table to prevent access? 

0 Helpfuls
  • 8,581 Views
1 ACCEPTED SOLUTION

Go to solution
Alikutty A
Tera Sage
In response to quiksilver

‎05-22-2019 02:38 AM

Explicit roles plugin is a different concept and is primarily used with CSM for separating internal and external customers of Service Now. You will need to undertand its purpose and see if it is really required for your instance. Once it is activate all users in the sys_user table will be added with the snc_internal role and all ACLs without a role will be added with the snc_internal role.

Please have a look at its documentation 

https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/contextual-securit...

View solution in original post

0 Helpfuls
7 REPLIES 7

Go to solution
Alikutty A
Tera Sage
In response to quiksilver

‎05-22-2019 12:08 AM

This is talking about the explicit roles plugin, it may not help. Once you activate it, user will require the snc_internal role to access any table data. This will be helpful in restricting access b/w 2 different scripted rest APIs

0 Helpfuls

Go to solution
quiksilver
Mega Guru

‎05-22-2019 12:59 AM

So you don't suggest to enable explicit roles plugin ? 

 

as this may still allow access to users with no roles as long as they can login to write and read to any table .

 

 

0 Helpfuls

Go to solution
Alikutty A
Tera Sage
In response to quiksilver

‎05-22-2019 02:38 AM

Explicit roles plugin is a different concept and is primarily used with CSM for separating internal and external customers of Service Now. You will need to undertand its purpose and see if it is really required for your instance. Once it is activate all users in the sys_user table will be added with the snc_internal role and all ACLs without a role will be added with the snc_internal role.

Please have a look at its documentation 

https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/contextual-securit...

0 Helpfuls