1. Using the ServiceNow Adapter with Oracle Integration Generation 2
  2. Create a ServiceNow Adapter Connection
  3. Prerequisites for Creating a Connection

Prerequisites for Creating a Connection

You must satisfy the following prerequisites to create a ServiceNow Adapter connection.

Purchase a Subscription to ServiceNow

When you subscribe, you receive an instance name URL, username, and password. This information is required for creating a ServiceNow Adapter connection in the Connections page. See Configure Connection Properties and Configure Connection Security.

Satisfy User and Role Requirements

A ServiceNow user with the Admin role or a custom user can use the ServiceNow Adapter in Oracle Integration. You can create a custom user (for example, the Integration User) in ServiceNow that can be assigned a custom role that has access to the table names shown in the following table in ServiceNow.

Ensure that web services are enabled and respective permissions are assigned for the following tables in the ServiceNow instance.

Ensure the Integration User has the appropriate role.

A ServiceNow user with the default SOAP role (without any customization or changes) is required to configure or use the ServiceNow Adapter.

The default SOAP role has the following permissions: can query, create, update, and delete records on all tables and execute scripts. While this is verifiable, ServiceNow recommends using the Admin role.

Note:

If a SOAP role has been modified or the SOAP role is not functional, you must follow the ServiceNow recommendations and use the Admin role. If you do not want to assign the Admin role, you can create a custom role, add accesses to the following tables, and assign the default SOAP role to the custom role.
A ServiceNow Adapter connection can be created with minimal accesses on the tables. However, only the modules supported by the adapter are displayed for selection in the user interface when you add accesses to the following tables:
Table Name Permission
sys_soap_message

For insert/delete of ServiceNow outbound SOAP messages.

Note: This permission is required only for trigger connections.

sys_soap_message_function

For insert ServiceNow outbound SOAP message functions.

Note: This permission is required only for trigger connections.

sys_script

For insert/update/delete of ServiceNow business rules.

Note: This permission is required only for trigger connections.

sys_db_object

To get modules.

Note: This permission is required for both connections (that is, invoke and trigger connections).

Sys_package

Fetches standard packages.

Note: This permission is required for both connections (that is, invoke and trigger connections).

The applications and modules supported by the adapter are displayed for selection in the user interface when you add accesses to the following tables:

Permissions Operation

sys_plugins

To get standard applications.

sys_app

To get custom applications.

sys_db_object

To get modules.

sys_ui_section

To get View fields in Get operations.
sys_documentation To view the field labels instead of actual field names in the user interface.
sys_package To fetch standard packages.

Note: This permission is required for both connections (that is, invoke and trigger connections).

sys_ui_element

To get View fields in Get operations.

sys_soap_message

For insert/delete of ServiceNow outbound SOAP messages.

Note: This permission is required only for trigger connections.

sys_soap_message_function

For insert ServiceNow outbound SOAP message functions.

Note: This permission is required only for trigger connections.

sys_script

For insert/update/delete of ServiceNow business rules.

Note: This permission is required only for trigger connections.

Create a Custom User and Assign the Required Permissions

  1. Create a custom role:
    1. Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.
    2. On the home page, search for Roles in the search box in the left pane, and click Roles under User Administration in the search results.
    3. Click New to create a new role.
    4. Enter the required details and click Submit.

  2. Enable web services for the preceding tables and assign permissions:

    1. Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.

    2. On the home page, search for tables in the search box in the left pane, and click the Tables link under System Definition in the search results.

    3. Search for each of the ServiceNow tables from the preceding table using the Search box or locate a table using the show/hide filter.

    4. Click the table name or Business Rule (for the trigger role) in the search results.

    5. Locate and click the Application Access tab.
    6. For the invoke role, select the Can read check box (you can refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.
      Table Name Permission
      Sys_db_object Read Only
      Sys_plugins Read Only
      Sys_app Read Only
      Sys_ui_section Read Only
      Sys_ui_element Read Only
      Sys_package Read Only

      You can refer to the following table for the required permissions when you want to create a ServiceNow Adapter connection with minimal accesses to the tables.

      Table Name Permission
      sys_db_object Read Only
      Sys_package Read Only
    7. For the trigger role, select the respective permission (refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.
      Table Name Permission
      sys_soap_message Create, Update, and Delete
      sys_soap_message_function Create, Update, and Delete
      sys_script Create, Update, and Delete
      sys_db_object Read Only
      sys_plugins Read Only
      sys_app Read Only
      sys_ui_section Read Only
      Sys_ui_element Read Only
      Sys_package Read Only
      sys_documentation Read Only

      Note: Assign this permission if you want to view the field labels instead of the actual field names in the list.

      This provides the required access for the table and allows permission to access the table with web services.

      You can refer to the following table for the required permissions when you want to create a ServiceNow Adapter connection with minimal accesses to the tables.
      Table Name Permission
      sys_soap_message Create, Update, and Delete
      sys_soap_message_function Create, Update, and Delete
      sys_script Create, Update, and Delete
      sys_db_object Read Only
      Sys_package Read Only
  3. Create or modify the access control list to assign permissions for the preceding tables.
    1. Assign the security_admin privileges to the admin user, if it is not assigned already. The admin user must have security_admin privileges to modify the access control lists.
      1. On the Home page, click the lock icon. In case of user interface 16, select Elevate Roles from the System Administrator dropdown list.
      2. Select the security_admin check box if it is not selected already.
    2. Search for Access Control in the Search box in the left pane and click Access Control (ACL) under System Security.
    3. Create two access control lists for a table (that is, table level access control and field level access control) to provide read, create, and write access to any table.
    4. Create the table level access control list:
      1. Click New.
      2. For the invoke role, select record in the Type field, select read in the Operation field, and select a table name (for example, sys_plugins) in the Name field.
      3. For the trigger role, select record in the Type field, select create in the Operation field, and select a table name (for example, sys_soap_message) in the Name field.
      4. Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
      5. Click Submit.
    5. Provide field level access control:
      1. Click New.
      2. For the invoke role, select record in the Type field, select read in the Operation field, select a table name (for example, sys_plugins) in the Name field, and select * (asterisk) from the field next to the Name field.
      3. For the trigger role, select record in the Type field, select create in the Operation field, select a table name (for example, sys_soap_message) in the Name field, and select * (asterisk) from the dropdown list in the field next to the Name field.
      4. Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
      5. Click Submit.
  4. Similarly, you must create an access control list for the preceding table to provide read, create, write, and delete permissions. If the access control list for a table exists, you can add the custom role under the Requires Role section.
    1. On the home page, search for users in the search box in the left pane and click Users under User Administration in the search results.
    2. Click New to create a new user.
    3. Enter the required values and click Submit.
    4. Search for the user with the user ID to assign roles.
    5. In the Roles section, Click Edit.
    6. Search for the custom role (for example, Integration Specific Role), SOAP, and ITIL roles, and assign these roles to the user.
    7. Click Save.