How to grant read access for a service account user to access only one table in ServiceNow

Lakshmi24 · 10 hours ago

Hello,

I created a custom table which created a read acl with new custom role and now i created a new Service account user and added the custom role to it.

But when i test this from Alteryx designer tool ServiceNow input, this user is able to access all the tables.

How can i achieve the user to access only the custom table but not the other system tables.

Any help is appreciated and Thank you in advance.

Matthew Green2 · 10 hours ago

Your service account can see all tables because it still has other roles (direct or via groups) that grant broader access.
Remove every role except your custom role, and then create Deny ACLs or no-access ACLs on the other tables so that only your custom table has an Allow ACL for that role.

Lakshmi24 · 8 hours ago

Hi Matthew,

Thanks for your quick reply!

I created a custom table and it has only custom role. Do i have to create Deny ACLs on every table?

If yes, i am thinking it's difficult to maintain every time when new table is created.

Matthew Green2 · 5 hours ago

No—you will not need to create Deny ACLs for EVERY table, and you shouldn’t.
A cleaner approach is to make sure the service account has only your custom role, then review and tighten any overly-broad ACLs (like table “*” ACLs or CMDB ACLs with no roles defined).

Once those broad ACLs are fixed, the user will only have access to your custom table, and any new tables will automatically remain inaccessible without extra work

Ankur Bawiskar · 2 hours ago

@Lakshmi24

I believe you must be using OOTB Table API.

This is the reason why Scripted REST API are recommended over Table API as it controls the access as the request is handled by script.

💡 If my response helped, please mark it as correct ✅ and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader