User privileges

  • Create one administrator user of ServiceNow system (please refer Add User section for creating a new user), dedicated to OpsHub Integration Manager. User should not be used to do any operations from ServiceNow User Interface.
  • Note: In case your ServiceNow is configured with SSO, you will have to create a normal service user account in ServiceNow and use that user in integration.
  • In case if administrator user is not available, dedicated user should have access to tables mentioned below. Please note that Read, Write, Delete, etc. mentioned in brackets beside table names, are the access permissions required on respective table. Refer Add user access for table for providing required permissions to the user.
    • sys_attachment (Read, Write, Delete)
    • sys_audit (Read, Read.*)
    • sys_db_object (Read, Read.*)
    • sys_dictionary (Read, Read.*)
    • sys_choice (Read, Read.*)
    • ecc_queue (Write)
    • sys_attachment_doc (Read)
    • sys_user (Read)
    • sys_journal_field (Read,Write,Delete)
    • sys_Transform_map (Read)
    • sys_transform_entry (Read)
    • sys_glide_object (Read)
    • task (Read, Read.*)
    • User should have Read and Write access to all the entity tables that needs to be synchronized. Eg., for incident to be synchronized, the user will need Read and Write access to the incident entity table.
  • Note: In above permissions, Read.* means there an ACL with * selected in columns with Read permission is required. Please refer Add user access for table for providing Read.* permission on a table.
  • In case you want to use fields of type ‘Reference’ (e.g. Assignment group, Category, etc), some extra permissions need to be provided. Please refer Syncing reference fields section for providing the required permissions.
  • Please note, in addition to Read.* ACL on a table (wherever applicable in the above list), to get access to all the fields you must ensure that each field of the table meets the following conditions:
    • Field should be marked ‘Active’ (Active column of the field should be set to ‘True’).
    • If read ACL is applied on the field, you will get access to the field only when you meet all the below-mentioned criteria associated with the ACL:
      • The condition associated with ACL must evaluate to ‘true’.
      • The script associated with ACL must evaluate to ‘true’ or return an answer variable with the value of ‘true’.
      • You must have one of the roles in the required roles list associated with ACL. If the list is empty, this condition evaluates to ‘true’.


Syncing reference fields

  • Reference fields are the fields that are referring to some other ServiceNow entity i.e. fields whose values are the records of some other entity. e.g. Assignment Group field in Incident entity refers to Group entity.
  • To synchronize such reference fields, the integration user must have ‘read’ permission for the columns sys_id and name or number (whichever is available) of the table/entity that is being referred by the field. The Allow access to this table via web services checkbox should be checked for allowing the access via REST API to the table being referred by the field.


Turning on auditing (history) for a table

ServiceNow tracks incident, change, and problem history in the sys_audit table. Enabling auditing tracks the creation and update of audited records. Audit must be enabled on the entity table (for example, not to its import set table but to the actual entity table like incident, problem, etc). To enable audit for a table, please refer Enabling audit for a table.


Enable OpsHub Integration Manager for ServiceNow instance

  • OpsHub Integration Manager must be enabled for the ServiceNow instance. You can get this app from ServiceNow appStore:
  • ServiceNow instance

  • On the OpsHub Integration Manager App page, click on Get and provide your ServiceNow HI Credentials.
  • You will see OpsHub Integration Manager for ServiceNow in Downloads tab by navigating System Applications -> Applications in your ServiceNow instance [The example below shows OpsHub Integration Manager for ServiceNow Enterprise]. Click on Install for OpsHub Integration Manager for ServiceNow applications.
  • ServiceNow instance

  • On successful installation, OpsHub Integration Manager for ServiceNow application will be available.


Appendix


Add user

  • Open ServiceNow.
  • Filter Users and click on Users.
  • Click on New.
  • Filter Users

  • Fill the details in the form and make sure that active checkbox is enabled.
  • Filter Users

  • Open created user and click on Edit Roles.
  • privileges

  • Add admin privileges from Collection and click on Save. In case you cannot provide admin privileges, please refer User Privileges section for providing required permissions to the user.
  • providing required permissions


Add user access for table

In ServiceNow, permissions are provided to a role which is assigned to user. Create a new role for your user. Refer Create role for creating a new role and assigning it to your user.
For reference, we are taking example of sys_audit table. Below steps are applicable for all the tables for which access needs to be provided to a user role.

Provide ‘read’ access to a table
  • Navigate to System Definition > Tables and open the definition for sys_audit table.
  • ServiceNow

  • Click on ‘add’ button in the ‘Access Controls’ section.
  • Select ‘read’ option in the ‘Operation field’.
  • Under ‘Requires role’ section, add the role for which read access needs to be provided.
  • ServiceNow

  • Click on ‘Submit’ and then click on ‘Update’ to update the table access controls.
Provide ‘write’ access to a table
  • Navigate to System Definition > Tables and open the definition for sys_audit table.
  • Click on ‘add’ button in the ‘Access Controls’ section.
  • Select ‘write’ option in the ‘Operation field’.
  • Under ‘Requires role’ section, add the role for which read access needs to be provided.
  • ServiceNow

  • Click on ‘Submit’ and then click on ‘Update’ to update the table access controls.
Provide ‘delete’ access to a table
  • Navigate to System Definition > Tables and open the definition for sys_audit table.
  • Click on ‘add’ button in the ‘Access Controls’ section.
  • Select ‘delete’ option in the ‘Operation field’.
  • Under ‘Requires role’ section, add the role for which read access needs to be provided.
  • Operation field

  • Click on ‘Submit’ and then click on ‘Update’ to update the table access controls.
Provide ‘read.*’ access to a table
  • Navigate to System Definition > Tables and open the definition for sys_audit table.
  • Click on ‘add’ button in the ‘Access Controls’ section.
  • Select ‘read’ option in the ‘Operation field’.
  • In the ‘name’ field, select table name in the first input box and ‘*’ in the second input box.
  • Under ‘Requires role’ section, add the role for which read access needs to be provided.
  • Click on ‘Submit’ and then click on ‘Update’ to update the table access controls.


Create Role

  • Navigate to User administration > Roles.
  • ServiceNow Prerequisites

  • Click on ‘New’.
  • Fill the required details and click on submit.
  • This will create a new role. Now you need to assign this role to your user.
  • Navigate to User Administration > Users.
  • Open the user for which this role needs to be assigned.
  • Click on ‘Edit’ under the ‘Roles’ section.
  • Select the role from the left section and click on the ‘Add’ button to add the role.
  • Click on ‘Save’.


Turn on auditing (history) for a table

  • Navigate to System Definition > Dictionary.
  • Select the table to audit
  • Select the dictionary entry for the table. The table name always has an empty column name and ‘Type’ ‘Collection’
  • Set the value for the ‘Audit’ column to ‘true’.