ServiceNow Incident Connector Permissions

A detailed guide on permissions required for the ServiceNow Incident connector in RiskSense.

The user role needs to be web_service_admin.

The following permissions are required to obtain the form dynamically from ServiceNow:

Read access to the following tables and the columns inside the tables.

  1. sys_db_object
    • Extends table (super_class)
  2. sys_dictionary table:
    • Type (internal_type)
    • Reference (reference)
    • Column name (element)
    • Column label(column_label)
    • Table (name)
    • Dependent(dependent)
    • Dependent on field(dependent_on_field)
    • Mandatory (mandatory)
    • Choice (choice)
    • Max Length (max_length)
  3. sys_glide_object
  4. sys_choice
    • Label (label)
    • Value (value)
    • Element (element)
    • Dependent value (dependent_value)

The role must have create, read, and write access to the incident table. The role must also have read access to the reference fields in the incident form to the ones the user wants to modify.

Reasons for These Permissions:

  • sys_db_object table access is required to find the table name from which the incident table is inherited.
  • sys_dictionary table access is required to show a list of all the field that is part of an incident table and its parent table.
  • sys_glide_object table access is required to know what kind of field that was retrieved from sys_dictionary. It only requires table-level access and not field-level access.
  • sys_choice table access is required to know the choices of the field whose values are derived from that table.

The client can also restrict the data by adding an additional constraint on the ACL to prevent additional data access.

In the following screenshots, 'task' is the superclass of the 'incident' table.

ServiceNow Incident - sys_db_object

ServiceNow Incident - sys_dictionary

ServiceNow Incident - sys_glide_object

ServiceNow Incident - sys_choice

Permissions For Reference Dropdowns:

RiskSense fetches the records from the reference table from ServiceNow and shows the dropdowns for all reference dropdowns. To show the dropdown in RiskSense, a key and value for the dropdown are needed.

For all the reference tables, the value is a sys_id column in the table except for the 'sys_choice' table, where value is the 'value' column. DisplayValue is retrieved based on the reference table.

Steps to find the DisplayValue field for reference field:

  1. Find the parent table for the reference table.
  2. Filter sys_dictionary table with the table is either a reference table or parent table and display is true.

Let the reference table be "sc_cat_item_delivery_plan", and it is inherited from a table "sys_metadata". A list of permissions required are:

  • Read access to the sys_db_object table, table-level and field-level access, and limit the table name "sc_cat_item_delivery_task" and "sys_metadata".

ServiceNow Incident - Reference 1

Once we have permission, we can determine the parent table.

  • Read access to the sys_choice table, both table-level and field-level access, and also limit the access to table name "sc_cat_item_delivery_task" and "sys_metadata".

ServiceNow Incident - Reference 2

Once we have permission, we can find the display Field showing the displayValue for the drop-down option.

  • Read access to the "sc_cat_item_delivery_plan" both field level and table level to show the drop-down options.

ServiceNow Incident - Reference 3