Creating a ServiceNow User for Getint Integration
In general scenarios, Admin access is not provided to a ServiceNow instance. The best practice/recommendation is to create a dedicated user (with several different access controls) to connect a ServiceNow instance to Getint and sync the data.
How to Create a ServiceNow User
1. User Creation:
Log in to ServiceNow, click All at the top left corner, and navigate to the Users (under User Administration) section.
Click on New to create a new user, and enter all relevant user details.
Enter the User details, and click Submit to create the user.
Ensure that you untick Password needs reset when creating a new user. If you skip this step, the system will block the connection and display an error stating that you lack sufficient permissions. This message is misleading, as the issue isn’t related to permissions, but simply that the password is set to reset.
After creating the user, you can now generate a password. Do so by clicking Set Password in the right corner of the screen. Save the password, and now you can use the full credentials to create a connection with Getint.
2. Create a Role:
Navigate to System Security > Users and Groups > Roles.
Click on New and enter relevant details for the new role.
Click Submit to create the role.
3. Elevate System Admin to Security Admin:
Click on your profile image and select Elevate Role. In the pop-up, choose security_admin and click Update. This step elevates the System Admin to Security Admin and will allow you to modify the ACL settings.
4. Required ACLs for Getint Integration:
As we are tailoring access for our users, some base ACLs are required so that the connection with the ServiceNow instance works properly, allowing users to create, edit, and read their fields.
Here is a list of the needed ACLs, as well as their respective purpose in this process:
Dictionary Entry [sys_dictionary] This is the ServiceNow Data Dictionary, which defines the structure and attributes of every field on every table. The Getint user needs read access to this table to introspect the schema of the records being synchronized. By reading this table, Getint identifies a field's type (e.g., reference, string) and its properties (e.g., maximum length, required status). This information is crucial for accurately translating and mapping data types between ServiceNow and other software.
Field Class [sys_glide_object] This table stores definitions for the fundamental data types (e.g., string, integer, reference) used by fields across the instance.
The dedicated user requires read access to this table because it is closely related to sys_dictionary. It provides the low-level, technical classification of the field types. This access helps Getint's logic correctly interpret and handle the data being pulled or pushed, ensuring that all synchronized fields adhere to their native ServiceNow data constraints.
Choice [sys_choice] This table contains all the predefined drop-down options (choices) for choice fields in the system, such as Incident State or Priority values.
The Getint user must have read access to retrieve both the internal value (the numerical/system value) and the display label (the user-friendly name) for these choices. This is essential for the core integration function of status and value mapping, ensuring that a status correctly corresponds to the appropriate, valid choice value in ServiceNow.
Journal Entry [sys_journal_field] This table is where Journal-type field entries are stored, specifically, records like Additional comments and Work notes from synchronized tickets.
The dedicated user requires read and create/write access to this table to manage bi-directional communication. This access allows Getint to extract comments from a ServiceNow record to sync to the integrated software, and conversely, to write comments back into the correct ServiceNow journal field, maintaining a full communication history.
5. Granting User Access: Create Permission Records in ServiceNow
Go to System Security > Access Control (ACL). Now, in the ACL, create six new records as follows:
Record 1:
Click New to create a new record.
Select Read from the Operation dropdown.
In the Name field, select Dictionary Entry [sys_dictionary] in the first dropdown and * in the second dropdown.
Provide a Description.
In the Requires Role section, add the role created in Step 2 above.
Click Submit at the top right corner, and Continue to create the new ACL record.
Record 2:
Repeat the steps as Record 1, but this time select None in the second dropdown instead of the * (asterisk).
Record 3:
Repeat the previous steps, but in the Name field, choose Field class [sys_glide_object] in the first dropdown and * in the second dropdown.
Record 4:
Repeat the previous steps, but in the Name field, choose Choice [sys_choice] in the first dropdown and * in the second dropdown.
Record 5:
Repeat the previous steps, but in the Name field, choose Field class [sys_glide_object] in the first dropdown and None in the second dropdown.
Record 6:
Repeat the previous steps, but in the Name field, choose Journal Entry [sys_journal_field] and None in the second dropdown.
Do not forget to add the getint role in the Requires role section for all six records.
6. Configure User Permissions:
Go to Users Administration > Users.
Search for the user created in Step 1.
Click on the user ID and navigate to the Entitled Custom Tables section.
In the Roles tab, click Edit.
In the Collections section:
Search for itil and move it to the Roles list.
Also, search for the role created in Step 2 and add it to the Roles list.
Click Save and then Update to finalize the changes for the user.
With these steps, all permissions are now configured for this ServiceNow user, allowing to establish a connection between Getint and ServiceNow.
Last updated
Was this helpful?