ServiceNow: Access to "xmlstats.do" without Admin Rights?

AyhanP
Giga Contributor
Hi everyone,
 
We are running an on-premises instance of ServiceNow in our organization. As part of our monitoring setup, we want to regularly query the "xmlstats.do" endpoint to check system availability and health.
 
Currently, access to this endpoint is only possible using an admin account. However, for security reasons, we would like to avoid using admin credentials for automated or recurring monitoring tasks.
 
Our question is:
Is there a way to grant a non-admin user permission to access "xmlstats.do"?
If so, which roles, ACLs, or configurations would be required?
 
We were pointed to four relevant sys_properties. Two of them seem potentially relevant to our use case:
• glide.security.diag.txns.acl
• glide.custom.ip.authenticate.allow
 
However, these settings seem to apply to entire IP ranges rather than specific users or roles.
 
I would really appreciate any insights, experiences, or best practices from the community — maybe someone has faced a similar challenge or already implemented a secure solution.
 
Thanks in advance for your support!
3 REPLIES 3

Maik Skoddow
Tera Patron
Tera Patron

Hi @AyhanP 

 

There is no documented or supported way to grant non-admin users access to xmlstats.do via roles or Access Control Lists (ACLs). The endpoint is protected at a system level, and ServiceNow does not provide a configuration option to allow non-admin access.

 

However, what many don't know:

  1. You can see on that page only the values from the current application you are logged-in at the moment.
  2. The values on that page are taken from table sys_cluster_node_stats. Just identify the right application node by column "Node ID" which points to the records in table sys_cluster_node and then pull the values from column stats

Maik

Hi Maik,

 

Thank you very much for your quick and helpful response.

 

Please excuse my follow-up questions — I’m still relatively new to the ServiceNow environment, which makes it a bit challenging for me to fully grasp certain aspects of your reply.

 

I have two specific questions regarding the cluster statistics:

 

  1. I can see the table sys_cluster_node_stat, but I’m unable to find the sys_cluster_node table. Could you please clarify why this might be the case? Is it possible that the table is restricted or hidden?

  2. The sys_cluster_node_stat table only seems to contain current records — in my case, I only see two entries, although our cluster consists of four nodes. Older records appear to be missing. Could you let me know which component is responsible for writing these records, and at what intervals this data is typically logged?

 

 

I really appreciate your support and look forward to your response.

 

Best regards,

Ayhan

AyhanP
Giga Contributor

Hi Maik,

 

I believe I may have misunderstood you and was heading in the wrong direction. I initially assumed that the table would provide status information — including possible errors — similar to what xmlstats.do returns.

 

However, that doesn’t seem to be the case. The content of the “stats” column appears to be completely different from the xmlstats.do output.

 

Would you be able to explain the significance of the ‘stats’ column with regard to ServiceNow monitoring?

 

Thank you again for your support, and apologies for the confusion.

 

Best regards

Ayhan