Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

ServiceNow API connection to Azure Synapse Analytics

Del4
Tera Contributor

‎02-08-2023 08:21 AM - edited ‎02-08-2023 08:44 AM

Hi all,

 

Im looking for some advice please. We are trying to connect our ServiceNow instance with Azure Synapse Analytics. We have created a user within the SN instance and added the following roles:

 

  • personalize_dictionary
  • itil
  • rest_api_explorer
    _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
  • web_service_admin

 

However, with these 3 roles we're getting the following error: HTTP Response code 403. If we add web_service_admin - we then get a HTTP Response code of 400. (As soon as we add the admin role to this user, the connection works fine)

 

Can anyone shade any light as to what role we are missing so we can remove the admin role as it doesnt state the roles required within this article: Copy data from ServiceNow - Azure Data Factory & Azure Synapse | Microsoft Learn

 

Many thanks

Del.

0 Helpfuls
  • 1,413 Views
3 REPLIES 3

rossida
Tera Contributor

Monday

Hi Del,

       I know this is an old thread but did you ever figure out which ROLES are needed for "least privilege" mode?

 

0 Helpfuls

Oliver Stammler
Tera Guru
In response to rossida

Monday

Hey @rossida,
normally it is best to open a new thread if you have a question instead of "re-starting" an old one. 😊

To answer your question: 
Nowadays you should configure the API user record as the type "Machine". 
This will set the "Web service access only" flag to true and you can monitor the account through the Machine Identity Console. 

In addition to that your user needs the correct roles to a) access the instance and b) access the records (read & write rights).
First you need the "rest_service" role (which was most likely the wrong role @Del4 had in the original post) to access the instance via REST API. The "rest_api_explorer" role is the role you need to access and use the ServiceNow internal REST API Explorer but this won't allow accounts to access the instance.
In addition to that you need to give your API user account the needed roles to access (read/write) the tables you want the integration to connect with. This is needed because of all the ACLs which are in place in your instance. 

Once you granted your API user these roles, everything should work fine.

Cheers
Oli

 

rossida
Tera Contributor
In response to Oliver Stammler

Tuesday

Hi Oli,

       Thank you so much for responding and I will ensure next time I will open a new thread.  I'll give this a try and fingers-crossed I hope I can get Azure Synapse to connect successfully. 

Thanks,

Rossida

0 Helpfuls