Creating a Service Account and Assigning Roles

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Create a dedicated non-interactive Service Account in User Administration and assign the appropriate SQL API access role to enable secure, programmatic access for BI tools and analytics platforms.

    Before you begin

    Role required: admin

    About this task

    To enable SQL API access for BI tools and analytics platforms, you must create a dedicated Service Account (non-interactive user) in ServiceNow and assign the appropriate role. Service Accounts are the recommended approach for programmatic access—using personal user accounts is discouraged, as reports and dashboards will fail if that user's permissions change or the user leaves the organization.

    You can create multiple Service Accounts, each with different roles and access levels. For example, one account may have ODBC access to a limited set of tables, while another has JDBC access to a broader dataset. This lets you apply granular access control per integration or team.

    Important:
    Consider creating Service Accounts for BI implementations to maintain report continuity. Personal user accounts should not be used—reports and dashboards will fail if the user loses access permissions or leaves the organization.

    Procedure

    1. Navigate to All > User Administration > Users.
    2. Select New.
    3. On the User form, fill in the following fields:
      Field Description
      User ID Create a unique identifier for this user's ServiceNow login username. For example: odbc.user, jdbc.user, or sqlapi.user.
      First name Enter the user's first name.
      Last name Enter the user's last name.
      Identity Type Select Machine from the dropdown list. This designates the account as a non-interactive user, meaning it can only connect to ServiceNow from an API protocol.
      Password needs reset Select the checkbox if you want the user to reset their password on first login. To set a temporary password, save the record first, then in the list view double-click the Password field for this user and set the password.
      Do not change any other settings.
      Note:
      Non-interactive (Machine) users cannot complete MFA challenges. Ensure MFA is disabled for all SQL API Service Accounts.
    4. Right-click the form header and select Save.
    5. On the Roles tab, select Edit.

      Each Service Account must be assigned at least one role to determine which SQL API protocol it is permitted to use. You can assign a single role or both roles to one account, or create separate accounts for each. Admins should consider using separate accounts with different roles when different security policies or access levels apply.

    6. In the Collection list, select one or both of the following roles and move them to the Roles list:
      • sn_odbc_rest_access: for accessing data via the ODBC driver
      • sn_jdbc_rest_access: for accessing data via the JDBC driver
    7. Select Save.

    Result

    The Service Account is now created with the appropriate SQL API access role. This account can be used to authenticate ODBC or JDBC connections from BI tools and analytics platforms. The account will only be able to query tables for which explicit access has been granted through Access Control Lists (ACLs). See Create Access Control Lists (ACLs) for SQL API.