Check permissions and update credentials for tools — Workspace

  • Release version: Xanadu
  • Updated July 31, 2025

    You can perform permission checks and update credentials like passwords and access tokens for your tools from the tool details page.

    Permission checks

    You can perform permission checks on connected tools at any time, to verify if the existing credentials have the necessary permissions. This check helps to determine if there are possible impacts or if you must get a token or credential with higher-level permissions for the tool.
    Note:
    SonarQube and Rally don't have the option to check for permissions.

    1. From the DevOps Change Workspace, navigate to Tools and select the tool to open the details page.

      The Permission check result field shows whether the tool credentials have all the necessary permissions, have partial permissions, or if permissions haven't been checked. The Last Permission check field tells you when the permission checks were previously run.

    2. Click More Actions.
      • For Bitbucket, select Check password permissions.
      • For GitHub and GitHub Enterprise with OAuth credentials using the GitHub app, select Check credential permissions and then enter the GitHub app slug name. Click Check permissions.
      • For others, select Check credential permissions.

      You can see the status of the checks depending on your credential permissions. You need sufficient permissions on your credentials for seamless discovery and import.

    3. If permissions aren't sufficient, it's recommended to replace the credentials with ones that have higher-level permissions, or to update the permissions for the objects on the external tool.

    Update credentials

    You can replace a tool's credentials with ones that have sufficient permissions for seamless discovery and import of data from your tool.

    1. From the DevOps Change Workspace, navigate to Tools and select the tool to open the details page.
    2. Click More Actions. Depending on your tool, the options to update your credentials are displayed.
      Steps by tool:
      Bitbucket
      1. Click Update password.
      2. Enter the user name and the new password.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you are satisfied with the permissions for your tool, then update the credentials.
      Azure DevOps
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the new password or access token.
        • If the credential type is OAuth, enter the new credential.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you’re satisfied with the permissions for your tool, then update the credentials.
        Note:
        Since the DevOps tool maps to an Azure DevOps organization, the Project Administrators privilege requires the owner of the PAT to be a member of the organization's Project Collection Administrators group.
      Jira, Jenkins, JFrog
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the new password or access token.
        • If the credential type is OAuth, enter the new credential.
        Note:
        OAuth 2.0 credentials are not available for Jenkins and JFrog.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you’re satisfied with the permissions for your tool, then update the credentials.
      GitLab
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the new password or access token.
        • If the credential type is OAuth, enter the new credential.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you’re satisfied with the permissions for your tool, then update the credentials.
      GitHub, GitHub Enterprise
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the user name and new password or access token.
        • If the credential type is OAuth using the GitHub app, enter the new credential. If you don't want to check for permissions, then click Update directly, and the credentials are updated.

          To check the permissions, you must enter the GitHub app slug name.

        • If the credential type is OAuth using the OAuth app (not the GitHub app) on the GitHub end, enter the new credential.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you're satisfied with the permissions for your tool, then update the credentials.
      Argo CD, SonarQube, Rally
      These tools don't check for permissions. To update credentials:
      1. Click Update credentials.
      2. Enter the user name and new password or access token.
      3. Click Update to update the credentials.

      Permission checks are run on the new credentials. Once the permission check is completed, you can proceed with updating the credentials. If you want to abort the update, click Cancel.