Prerequisites for Creating a Connection
You must satisfy the following prerequisites to create a ServiceNow Adapter connection.
Purchase a Subscription to ServiceNow
When you subscribe, you receive an instance name URL, username, and password. This information is required for creating a ServiceNow Adapter connection in the Connections page. See Configure Connection Properties and Configure Connection Security.
Satisfy User and Role Requirements
A ServiceNow user with the Admin role or a custom user can use the ServiceNow Adapter in Oracle Integration. You can create a custom user (for example, the Integration User) in ServiceNow that can be assigned a custom role that has access to the table names shown in the following table in ServiceNow.
Ensure that web services are enabled and respective permissions are assigned for the following tables in the ServiceNow instance.
Ensure the Integration User has the appropriate role.
A ServiceNow user with the default SOAP role (without any customization or changes) is required to configure or use the ServiceNow Adapter.
The default SOAP role has the following permissions: can query, create, update, and delete records on all tables and execute scripts. While this is verifiable, ServiceNow recommends using the Admin role.
Note:
If a SOAP role has been modified or the SOAP role is not functional, you must follow the ServiceNow recommendations and use the Admin role. If you do not want to assign the Admin role, you can create a custom role, add accesses to the following tables, and assign the default SOAP role to the custom role.Table Name | Permission |
---|---|
sys_soap_message |
For insert/delete of ServiceNow outbound SOAP messages.
Note: This permission is required only for trigger connections. |
sys_soap_message_function |
For insert ServiceNow outbound SOAP message functions.
Note: This permission is required only for trigger connections. |
sys_script |
For insert/update/delete of ServiceNow business rules.
Note: This permission is required only for trigger connections. |
sys_db_object |
To get modules. Note: This permission is required for both connections (that is, invoke and trigger connections). |
Sys_package |
Fetches standard packages. Note: This permission is required for both connections (that is, invoke and trigger connections). |
The applications and modules supported by the adapter are displayed for selection in the user interface when you add accesses to the following tables:
Permissions | Operation |
---|---|
|
To get standard applications. |
|
To get custom applications. |
|
To get modules. |
|
To get View fields in Get operations. |
sys_documentation |
To view the field labels instead of actual field names in the user interface. |
sys_package |
To fetch standard packages.
Note: This permission is required for both connections (that is, invoke and trigger connections). |
|
To get View fields in Get operations. |
|
For insert/delete of ServiceNow outbound SOAP messages. Note: This permission is required only for trigger connections. |
|
For insert ServiceNow outbound SOAP message functions. Note: This permission is required only for trigger connections. |
|
For insert/update/delete of ServiceNow business rules. Note: This permission is required only for trigger connections. |
Create a Custom User and Assign the Required Permissions
- Create a custom role:
- Log in to the ServiceNow cloud application (
xxx.service-now.com
) with administrator credentials. - On the home page, search for Roles in the search box in the left pane, and click Roles under User Administration in the search results.
- Click New to create a new role.
- Enter the required details and click Submit.
- Log in to the ServiceNow cloud application (
-
Enable web services for the preceding tables and assign permissions:
-
Log in to the ServiceNow cloud application (
xxx
.service-now.com
) with administrator credentials. -
On the home page, search for tables in the search box in the left pane, and click the Tables link under System Definition in the search results.
-
Search for each of the ServiceNow tables from the preceding table using the Search box or locate a table using the show/hide filter.
-
Click the table name or Business Rule (for the trigger role) in the search results.
- Locate and click the Application Access tab.
- For the invoke role, select the Can
read check box (you can refer to the following table for
required permissions), and select the Allow access to this
table via web services check box if it is not selected
already.
Table Name Permission Sys_db_object
Read Only Sys_plugins
Read Only Sys_app
Read Only Sys_ui_section
Read Only Sys_ui_element
Read Only Sys_package
Read Only You can refer to the following table for the required permissions when you want to create a ServiceNow Adapter connection with minimal accesses to the tables.
Table Name Permission sys_db_object
Read Only Sys_package
Read Only -
For the trigger role, select the respective permission (refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.
Table Name Permission sys_soap_message
Create, Update, and Delete sys_soap_message_function
Create, Update, and Delete sys_script
Create, Update, and Delete sys_db_object
Read Only sys_plugins
Read Only sys_app
Read Only sys_ui_section
Read Only Sys_ui_element
Read Only Sys_package
Read Only sys_documentation
Read Only Note: Assign this permission if you want to view the field labels instead of the actual field names in the list.
This provides the required access for the table and allows permission to access the table with web services.
You can refer to the following table for the required permissions when you want to create a ServiceNow Adapter connection with minimal accesses to the tables.Table Name Permission sys_soap_message
Create, Update, and Delete sys_soap_message_function
Create, Update, and Delete sys_script
Create, Update, and Delete sys_db_object
Read Only Sys_package
Read Only
-
- Create or modify the access control list to assign permissions for
the preceding tables.
- Assign the security_admin privileges to the admin user, if
it is not assigned already. The admin user must have security_admin
privileges to modify the access control lists.
- On the Home page, click the lock icon. In case of user interface 16, select Elevate Roles from the System Administrator dropdown list.
- Select the security_admin check box if it is not selected already.
- Search for Access Control in the Search box in the left pane and click Access Control (ACL) under System Security.
- Create two access control lists for a table (that is, table level access control and field level access control) to provide read, create, and write access to any table.
- Create the table level access control list:
- Click New.
- For the invoke role, select record in the Type field, select read in the Operation field, and select a table name (for example, sys_plugins) in the Name field.
- For the trigger role, select
record in the
Type field, select
create in the
Operation field, and select a table
name (for example,
sys_soap_message
) in the Name field. - Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
- Click Submit.
- Provide field level access control:
- Click New.
- For the invoke role, select
record in the
Type field, select
read in the
Operation field, select a table name
(for example,
sys_plugins
) in the Name field, and select * (asterisk) from the field next to the Name field. - For the trigger role, select
record in the
Type field, select
create in the
Operation field, select a table name
(for example,
sys_soap_message
) in the Name field, and select * (asterisk) from the dropdown list in the field next to the Name field. - Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
- Click Submit.
- Assign the security_admin privileges to the admin user, if
it is not assigned already. The admin user must have security_admin
privileges to modify the access control lists.
- Similarly, you must create an access control list for the preceding
table to provide read, create, write, and delete permissions. If the access
control list for a table exists, you can add the custom role under the
Requires Role section.
- On the home page, search for users in the search box in the left pane and click Users under User Administration in the search results.
- Click New to create a new user.
- Enter the required values and click Submit.
- Search for the user with the user ID to assign roles.
- In the Roles section, Click Edit.
- Search for the custom role (for example, Integration Specific Role), SOAP, and ITIL roles, and assign these roles to the user.
- Click Save.