Custom read-only role for ServiceNow license reclamation

Note: This enhancement is available with SaaS Management.

You can now create a custom read-only role to reclaim ServiceNow and ServiceNow OAuth2 licenses. The following describes the custom read-only role permissions and instructions for creating this role.

Minimum Permissions Required

| Integration | Role | Description | Integration Task Name |
| --- | --- | --- | --- |
| ServiceNow and ServiceNow OAuth2 | itil, snc_read_only | These roles are required for retrieving the ServiceNow users, and their activities. For details, refer to the Security jump start - ACL rules section of the ServiceNow documentation. | Application Roster, Application Access |
| ServiceNow and ServiceNow OAuth2 | user_admin | This role is required for user license management in the reclamation task. For details, refer to the Base System Roles section of the ServiceNow product documentation. | Reclamation |
| ServiceNow OAuth2 | admin | This role is required to register the Client Application and to generate the Client ID and Client Secret in ServiceNow. | Not applicable |

Note: Note the following:

For an existing [ProductName] integration with ServiceNow that was added using rest_api_explorer permissions, you must elevate the user that authorizes the integration by assigning the roles listed in the table.
If you want a custom role with read permission limited to the tables used by the integration API, follow these steps to create it:
1. Log in to your ServiceNow instance as a security_admin, or log in as a system administrator. If you logged in as a system administrator, elevate your role: click System Administrator, navigate to Elevate Roles, and select the security_admin check box, which grants permission to edit the Access Control List.
2. To create a custom role, navigate to the Roles tab by searching for the “roles” keyword in the All Applications menu on the left side of the screen. Click the New button and enter the desired name for the role. Click Submit to create this new role.
3. In the All Applications navigator, search for the “Access Control” keyword. Click Access Control (ACL) to navigate to the Access Control tab.
4. In the Access Control tab, search for the access control keyword “sys_user_has_role”. Click the record with the read operation type, add the custom role you created to the Requires Role section, and click Update.
5. Repeat the same steps for the “sys_user_role” Access Control record: add the custom role you created to the Requires Role section, and click Update.
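
The following added example (not part of the product or of ServiceNow) checks an integration account against the minimum roles in the table above, so that missing roles and roles beyond the table are visible before the integration is authorized. The function name, the custom role name x_custom_read and the sample role lists are assumptions constructed for illustration.

```python
# Added example: least-privilege check for the ServiceNow integration account.
# Role and task names come from the table on this page; audit_roles(), the
# custom role name and the sample data are hypothetical.

REQUIRED_ROLES = {
    "Application Roster": {"itil", "snc_read_only"},
    "Application Access": {"itil", "snc_read_only"},
    "Reclamation": {"user_admin"},
}
# The table ties admin to registering the OAuth2 client application and to no
# integration task, so it is reported separately when the account holds it.
REGISTRATION_ONLY = {"admin"}


def audit_roles(assigned, enabled_tasks, custom_roles=frozenset()):
    """Compare an account's roles with the minimum for the enabled tasks."""
    unknown = set(enabled_tasks) - REQUIRED_ROLES.keys()
    if unknown:
        raise ValueError(f"unknown integration task(s): {sorted(unknown)}")
    required = set().union(*(REQUIRED_ROLES[t] for t in enabled_tasks))
    held = {r.strip() for r in assigned if r.strip()}
    return {
        # Roles the enabled tasks need but the account lacks.
        "missing": sorted(required - held),
        # admin held by the account that authorizes the integration.
        "registration_only": sorted(held & REGISTRATION_ONLY),
        # Anything else that neither the table nor the custom role explains.
        "not_in_table": sorted(
            held - required - REGISTRATION_ONLY - set(custom_roles)
        ),
    }


ALL_TASKS = ["Application Roster", "Application Access", "Reclamation"]

# Constructed sample: an existing integration authorized with only
# rest_api_explorer, as described in the note above.
LEGACY_ACCOUNT = ["rest_api_explorer"]

# Constructed sample: an account that also carries admin and a custom role.
BROAD_ACCOUNT = ["itil", "snc_read_only", "user_admin", "admin", "x_custom_read"]

if __name__ == "__main__":
    print(audit_roles(LEGACY_ACCOUNT, ALL_TASKS))
    print(audit_roles(BROAD_ACCOUNT, ALL_TASKS, custom_roles={"x_custom_read"}))
```

The role list for an account can be taken from its sys_user_has_role records, the same table the custom role is given read access to in step 4.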