Prerequisites for Creating a Connection
You must satisfy the following prerequisites to create a ServiceNow Adapter connection.
Prerequisites for Oracle Integration Releases 23.04 or Later
When you create or edit your ServiceNow connection on release 23.04 or later of Oracle Integration, you must satisfy the following prerequisites.
Purchase a Subscription to ServiceNow
When you subscribe, you receive an instance name URL, user name, and password. This information is required for creating a ServiceNow Adapter connection in the Connections page. See Configure Connection Properties and Configure Connection Security.
Satisfy User and Role Requirements
You don't need to be an admin user to use the ServiceNow Adapter in Oracle Integration. If you want to assign an administrative role to a ServiceNow user, you can do so. Otherwise, you can create a custom user, assign the necessary roles, and create an Access Control List (ACL) for granting the necessary access to the following tables.
Whether the user is an admin user or a custom user, the necessary permissions must be granted to the following tables.
Note the following:
- Ensure that web services are enabled and respective permissions are assigned for the following tables in the ServiceNow instance.
- Ensure the Integration User has the appropriate role.
- A ServiceNow user with the default SOAP role (without any customization or changes) is required to configure or use the ServiceNow Adapter.
The applications and modules supported by the adapter are displayed for selection in the user interface when you add access to the following tables:
Permissions | Operation |
---|---|
sys_plugins | Gets standard applications. |
sys_app | Gets custom applications. |
sys_db_object | Gets modules. |
sys_ui_section | Gets view fields in get operations. |
sys_documentation | Views the field labels instead of actual field names in the user interface. |
sys_package | Fetches standard packages. Note: This permission is required for both connections (that is, invoke and trigger connections). |
sys_ui_element | Gets view fields in get operations. |
sys_soap_message | For insert/delete of ServiceNow outbound SOAP messages. Note: This permission is required only for trigger connections. |
sys_soap_message_function | For insert ServiceNow outbound SOAP message functions. Note: This permission is required only for trigger connections. |
sys_script | For insert/update/delete of ServiceNow business rules. Note: This permission is required only for trigger connections. |
sys_rest_message | For insert/delete of ServiceNow outbound REST messages. Note: This permission is required only for trigger connections. |
sys_rest_message_fn | For insert ServiceNow outbound REST message functions. Note: This permission is required only for trigger connections. |
sys_rest_message_headers | For insert ServiceNow outbound REST message headers information. Note: This permission is required only for trigger connections. |
sys_dictionary | For a field’s datatype, default value, character limit, dependency, and other attributes information. Note: This permission is required for both connections (that is, invoke and trigger connections). |
Create a Custom User and Assign the Required Permissions
- Create a custom role:
  - Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.
  - On the home page, search for Roles in the search box in the left pane, and click Roles under User Administration in the search results.
  - Click New to create a new role.
  - Enter the required details and click Submit.
- Enable web services for the preceding tables and assign permissions:
  - Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.
  - On the home page, search for tables in the search box in the left pane, and click the Tables link under System Definition in the search results.
  - Search for each of the ServiceNow tables from the preceding table using the Search box or locate a table using the show/hide filter.
  - Click the table name or Business Rule (for the trigger role) in the search results.
  - Locate and click the Application Access tab.
  - For the invoke role, select the Can read check box (you can refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.

    Table Name | Permission |
    ---|---|
    sys_db_object | Read Only |
    sys_plugins | Read Only |
    sys_app | Read Only |
    sys_ui_section | Read Only |
    sys_ui_element | Read Only |
    sys_package | Read Only |

    Note: The applications supported by the adapter appear for selection in the user interface only if you give permissions to all three of the following tables:

    Table Name | Permission |
    ---|---|
    sys_plugins | Read Only |
    sys_app | Read Only |
    sys_package | Read Only |

  - For the trigger role, select the respective permission (refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.

    Table Name | Permission |
    ---|---|
    sys_soap_message | Create, Update, and Delete |
    sys_soap_message_function | Create, Update, and Delete |
    sys_script | Create, Update, and Delete |
    sys_rest_message | Create, Update, and Delete |
    sys_rest_message_fn | Create, Update, and Delete |
    sys_rest_message_headers | Create, Update, and Delete |
    sys_db_object | Read Only |
    sys_plugins | Read Only |
    sys_app | Read Only |
    sys_ui_section | Read Only |
    sys_ui_element | Read Only |
    sys_package | Read Only |
    sys_documentation | Read Only. Note: Assign this permission if you want to view the field labels instead of the actual field names in the list. |

    This provides the required access for the table and provides permission to access the table with web services.
- Create or modify the access control list to assign permissions for the preceding tables.
  - Assign the security_admin privileges to the admin user, if they are not assigned already. The admin user must have security_admin privileges to modify the access control lists.
    - On the Home page, click the lock icon. In case of user interface 16, select Elevate Roles from the System Administrator drop-down list.
    - Select the security_admin check box if it is not selected already.
  - Search for Access Control in the Search box in the left pane and click Access Control (ACL) under System Security.
  - Create two access control lists for a table (that is, table-level access control and field-level access control) to provide read, create, and write access to any table.
    - Create the table-level access control list:
      - Click New.
      - For the invoke role, select record in the Type field, select read in the Operation field, and select a table name (for example, sys_plugins) in the Name field.
      - For the trigger role, select record in the Type field, select create in the Operation field, and select a table name (for example, sys_soap_message) in the Name field.
      - Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
      - Click Submit.
    - Provide field-level access control:
      - Click New.
      - For the invoke role, select record in the Type field, select read in the Operation field, select a table name (for example, sys_plugins) in the Name field, and select * (asterisk) from the field next to the Name field.
      - For the trigger role, select record in the Type field, select create in the Operation field, and select a table name (for example, sys_soap_message) in the Name field.
      - Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
      - Click Submit.
- Similarly, you must create an access control list for the preceding table to provide read, create, write, and delete permissions. If the access control list for a table exists, you can add the custom role under the Requires Role section.
- On the home page, search for users in the search box in the left pane and click Users under User Administration in the search results.
- Click New to create a new user.
- Enter the required values and click Submit.
- Search for the user with the user ID to assign roles.
- In the Roles section, click Edit.
- Search for the custom role (for example, Integration Specific Role), SOAP, ITIL, query_no_domain_table_api, and rest_service roles, and assign them to the user.
- Click Save.
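The permission tables in the preceding steps also serve as a least-privilege baseline for the custom role. The following added example (not part of the Oracle documentation) audits a role's grants against them for release 23.04 or later. The record layout, the role name `integration_specific_role`, the mapping of "Update" to the `write` ACL operation, and the treatment of `sys_documentation` and `sys_dictionary` as optional read access are assumptions.

```python
# Added example: least-privilege audit of a custom role against the table
# permissions listed in the steps above (release 23.04 or later).
# The input record layout and the role name are assumptions (constructed data).

READ = frozenset({"read"})
CUD = frozenset({"create", "write", "delete"})  # "Create, Update, and Delete"

INVOKE = {t: READ for t in (
    "sys_db_object", "sys_plugins", "sys_app",
    "sys_ui_section", "sys_ui_element", "sys_package")}
TRIGGER = {**INVOKE, **{t: CUD for t in (
    "sys_soap_message", "sys_soap_message_function", "sys_script",
    "sys_rest_message", "sys_rest_message_fn", "sys_rest_message_headers")}}
PROFILES = {"invoke": INVOKE, "trigger": TRIGGER}

# Read access the page lists as optional or only in its overview table;
# allowed but not required here (assumption).
OPTIONAL = {"sys_documentation": READ, "sys_dictionary": READ}


def audit(role, profile, grants, ws_access):
    """Return findings: missing grants, required tables without web service
    access, and grants beyond what the profile needs."""
    required = PROFILES[profile]
    granted = {}
    for g in grants:
        if g["role"] == role:
            granted.setdefault(g["table"], set()).add(g["operation"])

    findings = []
    for table in sorted(required):
        missing = required[table] - granted.get(table, set())
        if missing:
            findings.append(("missing", table, sorted(missing)))
        if not ws_access.get(table, False):
            findings.append(("no_web_service_access", table, []))
    for table in sorted(granted):
        allowed = required.get(table, frozenset()) | OPTIONAL.get(table, frozenset())
        excess = granted[table] - allowed
        if excess:
            findings.append(("excess", table, sorted(excess)))
    return findings


# Constructed sample: an invoke role that lacks sys_app, has web service
# access switched off on sys_ui_element, and can write business rules.
ROLE = "integration_specific_role"
SAMPLE_GRANTS = (
    [{"role": ROLE, "table": t, "operation": "read"} for t in (
        "sys_db_object", "sys_plugins", "sys_ui_section",
        "sys_ui_element", "sys_package", "sys_documentation")]
    + [{"role": ROLE, "table": "sys_script", "operation": "write"},
       {"role": "other_role", "table": "sys_app", "operation": "read"}]
)
SAMPLE_WS = {t: t != "sys_ui_element" for t in TRIGGER}

if __name__ == "__main__":
    for kind, table, ops in audit(ROLE, "invoke", SAMPLE_GRANTS, SAMPLE_WS):
        print(f"{kind:24} {table:28} {','.join(ops)}")
```

An `excess` finding on a trigger-only table such as `sys_script` for an invoke-only role means the role can do more than that connection type needs.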
Prerequisites for Oracle Integration Releases Earlier Than 23.04
Perform the following prerequisites for Oracle Integration releases earlier than 23.04.
Purchase a Subscription to ServiceNow
When you subscribe, you receive an instance name URL, user name, and password. This information is required for creating a ServiceNow Adapter connection on the Connections page. See Configure Connection Properties and Configure Connection Security.
Satisfy User and Role Requirements
A ServiceNow user with the Admin role or a custom user can use the ServiceNow Adapter in Oracle Integration. You can create a custom user (for example, the Integration User) in ServiceNow that can be assigned a custom role that has access to the table names shown in the following table in ServiceNow.
- Ensure that web services are enabled and respective permissions are assigned for the following tables in the ServiceNow instance.
- Ensure the Integration User has the appropriate role.
- A ServiceNow user with the default SOAP role (without any customization or changes) is required to configure or use the ServiceNow Adapter.
- The default SOAP role has the following permissions: query, create, update, and delete records on all tables, and execute scripts. While this is verifiable, ServiceNow recommends using the Admin role.
Note:
If a SOAP role has been modified or the SOAP role is not functional, you must follow the ServiceNow recommendations and use the Admin role. If you do not want to assign the Admin role, you can create a custom role, add accesses to the following tables, and assign the default SOAP role to the custom role.

Table Name | Permission |
---|---|
sys_soap_message | For insert/delete of ServiceNow outbound SOAP messages. Note: This permission is required only for trigger connections. |
sys_soap_message_function | For insert ServiceNow outbound SOAP message functions. Note: This permission is required only for trigger connections. |
sys_script | For insert/update/delete of ServiceNow business rules. Note: This permission is required only for trigger connections. |
sys_db_object | To get modules. Note: This permission is required for both connections (that is, invoke and trigger connections). |
sys_package | Fetches standard packages. Note: This permission is required for both connections (that is, invoke and trigger connections). |
sys_dictionary | To fetch a field’s datatype, default value, character limit, dependency, and other attributes information. Note: This permission is required for both connections (that is, invoke and trigger connections). |
The applications and modules supported by the adapter are displayed for selection in the user interface when you add access to the following tables:
Permissions | Operation |
---|---|
 | Gets standard applications. |
 | Gets custom applications. |
 | Gets modules. |
 | Gets View fields in Get operations. |
sys_documentation | Views the field labels instead of actual field names in the user interface. |
sys_package | Fetches standard packages. Note: This permission is required for both connections (that is, invoke and trigger connections). |
 | Gets View fields in Get operations. |
 | For insert/delete of ServiceNow outbound SOAP messages. Note: This permission is required only for trigger connections. |
 | For insert ServiceNow outbound SOAP message functions. Note: This permission is required only for trigger connections. |
 | For insert/update/delete of ServiceNow business rules. Note: This permission is required only for trigger connections. |
Create a Custom User and Assign the Required Permissions
- Create a custom role:
  - Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.
  - On the home page, search for Roles in the search box in the left pane, and click Roles under User Administration in the search results.
  - Click New to create a new role.
  - Enter the required details and click Submit.
- Enable web services for the preceding tables and assign permissions:
  - Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.
  - On the home page, search for tables in the search box in the left pane, and click the Tables link under System Definition in the search results.
  - Search for each of the ServiceNow tables from the preceding table using the Search box or locate a table using the show/hide filter.
  - Click the table name or Business Rule (for the trigger role) in the search results.
  - Locate and click the Application Access tab.
  - For the invoke role, select the Can read check box (you can refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.

    Table Name | Permission |
    ---|---|
    sys_db_object | Read Only |
    sys_plugins | Read Only |
    sys_app | Read Only |
    sys_ui_section | Read Only |
    sys_ui_element | Read Only |
    sys_package | Read Only |

    Note: The applications supported by the adapter appear for selection in the user interface only if you give permissions to all three tables listed below:

    Table Name | Permission |
    ---|---|
    sys_plugins | Read Only |
    sys_app | Read Only |
    sys_package | Read Only |

    You can refer to the following table for the required permissions when you want to create a ServiceNow Adapter connection with minimal accesses to the tables.

    Table Name | Permission |
    ---|---|
    sys_db_object | Read Only |
    sys_package | Read Only |

  - For the trigger role, select the respective permission (refer to the following table for required permissions), and select the Allow access to this table via web services check box if it is not selected already.

    Table Name | Permission |
    ---|---|
    sys_soap_message | Create, Update, and Delete |
    sys_soap_message_function | Create, Update, and Delete |
    sys_script | Create, Update, and Delete |
    sys_db_object | Read Only |
    sys_plugins | Read Only |
    sys_app | Read Only |
    sys_ui_section | Read Only |
    sys_ui_element | Read Only |
    sys_package | Read Only |
    sys_documentation | Read Only. Note: Assign this permission if you want to view the field labels instead of the actual field names in the list. |

    This provides the required access for the table and allows permission to access the table with web services.

    You can refer to the following table for the required permissions when you want to create a ServiceNow Adapter connection with minimal accesses to the tables.

    Table Name | Permission |
    ---|---|
    sys_soap_message | Create, Update, and Delete |
    sys_soap_message_function | Create, Update, and Delete |
    sys_script | Create, Update, and Delete |
    sys_db_object | Read Only |
    sys_package | Read Only |
- Create or modify the access control list to assign permissions for the preceding tables.
  - Assign the security_admin privileges to the admin user, if they are not assigned already. The admin user must have security_admin privileges to modify the access control lists.
    - On the Home page, click the lock icon. In case of user interface 16, select Elevate Roles from the System Administrator drop-down list.
    - Select the security_admin check box if it is not selected already.
  - Search for Access Control in the Search box in the left pane and click Access Control (ACL) under System Security.
  - Create two access control lists for a table (that is, table-level access control and field-level access control) to provide read, create, and write access to any table.
    - Create the table-level access control list:
      - Click New.
      - For the invoke role, select record in the Type field, select read in the Operation field, and select a table name (for example, sys_plugins) in the Name field.
      - For the trigger role, select record in the Type field, select create in the Operation field, and select a table name (for example, sys_soap_message) in the Name field.
      - Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
      - Click Submit.
    - Provide field-level access control:
      - Click New.
      - For the invoke role, select record in the Type field, select read in the Operation field, select a table name (for example, sys_plugins) in the Name field, and select * (asterisk) from the field next to the Name field.
      - For the trigger role, select record in the Type field, select create in the Operation field, select a table name (for example, sys_soap_message) in the Name field, and select * (asterisk) from the drop-down list in the field next to the Name field.
      - Under the Requires role section, search for the custom role (for example, Integration Specific Role), and click the check mark.
      - Click Submit.
- Similarly, you must create an access control list for the preceding table to provide read, create, write, and delete permissions. If the access control list for a table exists, you can add the custom role under the Requires Role section.
- On the home page, search for users in the search box in the left pane and click Users under User Administration in the search results.
- Click New to create a new user.
- Enter the required values and click Submit.
- Search for the user with the user ID to assign roles.
- In the Roles section, click Edit.
- Search for the custom role (for example, Integration Specific Role), SOAP, and ITIL roles, and assign these roles to the user.
- Click Save.
Note:
When you create trigger endpoints using a new connection or an existing connection created prior to release 23.04 of Oracle Integration, you must provide access to the tables: sys_rest_message, sys_rest_message_fn, and sys_rest_message_header.
Prerequisites to Use the Authorization Code Credentials Security Policy and Resource Owner Password Credentials
You can configure the Resource Owner Password Credentials security policy and Authorization Code Credentials security policy to authenticate REST APIs. To use the Authorization Code Credentials security policy, you must perform the following prerequisites.
Note:
The ServiceNow Adapter only supports the Authorization Code Credentials security policy on Oracle Integration release 23.04 or later.
Register an App and Obtain the Client ID and Client Secret
- Log in to the ServiceNow cloud application (xxx.service-now.com) with administrator credentials.
- On the home page, search for OAUTH in the search box in the left pane, and click Application Registry under System OAuth in the search results.
- Click Create an OAuth API endpoint for external clients.
- On the Application Registries page, click New.
- In the Name field, enter a name for your app.
- In the Redirect URL field, enter the redirect URL in the following format: https://{OIC_Host}:{OIC_SSL_PORT}/icsapis/agent/oauth/callback
- Click Submit. The system generates the client ID and client secret.
- On the Application Registries page, click the application you created.
- Copy the client ID and client secret values. You must enter these values on the Connections page when you configure security for your ServiceNow Adapter connection. See Configure Connection Security.
Assign Required Permissions to Tables
Note:
The ServiceNow Adapter only supports the Resource Owner Password Credentials security policy on Oracle Integration Release 23.08 or later.

Permissions | Operation |
---|---|
sys_plugins | Gets standard applications. |
sys_app | Gets custom applications. |
sys_db_object | Gets modules. |
sys_documentation | Views the field labels, instead of actual field names in the user interface. |
sys_package | Fetches standard packages. Note: This permission is required for both connections (that is, invoke and trigger connections). |
sys_script | For insert/update/delete of ServiceNow business rules. Note: This permission is required only for trigger connections. |
sys_rest_message | For insert/delete of ServiceNow outbound REST messages. Note: This permission is required only for trigger connections. |
sys_rest_message_fn | For insert ServiceNow outbound REST message functions. Note: This permission is required only for trigger connections. |
sys_rest_message_headers | For insert ServiceNow outbound REST message headers info. Note: This permission is required only for trigger connections. |