Introduction


This section describes how to configure a ServiceNow server to allow the Aspire ServiceNow connector to retrieve security ACLs (Using Knowledge Base security).

To follow the steps in this guide, a user with enough permissions to create custom tables and scheduled jobs in the ServiceNow server is required.

Custom Tables Creation

Two tables are required for the configuration of the server: an “ACL Tables” table and an “ACL Table Users” table:


  • Log in to your ServiceNow server instance.

  • In the “Filter Navigator”, type the word “Tables”.



  • Under “System Definition”, select the option “Tables”.

  • In the “Tables” page, click on “New”.



  • In the “Tables – New Record” page, specify “ACL Tables” as the label of the table. The system will automatically assign the name of the table to “u_acl_tables”. It is essential that the name of this table be exactly that name, so please double-check it.



  • At the bottom of “Tables – New Record”, insert a new column with the name “Table”. Set “Type” to “String” and the “Display” value to “true”, then click the “Submit” button. 



  • Back on the “Tables” page, browse to the newly created “ACL Tables” table and set its “Extensible” attribute to “true”.



  • In the “Tables” page, click on “New” again.

  • In the “Tables – New Record” page, specify “ACL Table Users” as the label of the table. The system will automatically assign the name of the table to “u_acl_table_users”. It is critical that the name of this table be exactly that name, so please double-check this one as well.

  • In the “Extends Table” option, browse and select the table we created previously (“ACL Tables”).



  • At the bottom of “Tables – New Record”, insert a new column with the name “User”. Set “Type” to “String” and the “Display” value to “true”, then click the “Submit” button.


  • You should now have two tables in the “Tables” page: “ACL Tables” and “ACL Table Users”. Verify the details circled in red and continue.





Scheduled Job Creation


We need a script to fill the ACL tables and keep them updated. This script will be run as a ServiceNow Scheduled Job:

  • Go back to the “Filter Navigator” and type “Scheduled Jobs”.



  • Under “System Definition”, select the option “Scheduled Jobs”.
  • On the “Scheduled Jobs” page, click on “New”.



  • On the “Automation Creator” page, select the option “Automatically run a script of your choosing”.



  • On the “Scheduled Script Execution – New Record” page, specify a name for the job and set a schedule according to your needs or the needs of your client. The script may be a long-running script, so plan accordingly.



  • In the “Run this script” section, copy and paste the following script:


// Retrieve all active Knowledge Bases
var kbs_record = new GlideRecord('kb_knowledge_base');
kbs_record.addQuery('active', true);
kbs_record.query();

// The user running the job is stored so the session can be restored after impersonations
var adminUser = gs.getSession().getUserName().toString();

var user_record = null;
var kb_record = null;
var acl_tables_record = null;
var acl_table_users_record = null;

var kb_id = null;
var user_name = null;

// Each KB is inserted in the ACL Tables table
while (kbs_record.next()) {
  kb_id = kbs_record.sys_id.toString();

  // A new GlideRecord is used for every lookup so that query conditions
  // from a previous iteration are not carried over
  acl_tables_record = new GlideRecord('u_acl_tables');
  acl_tables_record.addQuery('u_table', kb_id);
  acl_tables_record.query();

  // If the knowledge base record is not on the table, we add it
  if (!acl_tables_record.next()) {
    acl_tables_record.initialize();
    acl_tables_record.u_table = kb_id;
    acl_tables_record.insert();
  }

  // For each KB, we verify if users are allowed to access it.
  // If they are, a record is inserted in the ACL Table Users table
  user_record = new GlideRecord('sys_user');
  user_record.addQuery('active', true);
  user_record.query();

  while (user_record.next()) {
    user_name = user_record.user_name.toString();
    var impersonateSuccess = gs.getSession().impersonate(user_name);

    try {
      if (impersonateSuccess) {
        kb_record = new GlideRecord('kb_knowledge_base');

        acl_table_users_record = new GlideRecord('u_acl_table_users');
        acl_table_users_record.addQuery('u_table', kb_id);
        acl_table_users_record.addQuery('u_user', user_name);

        // If the user has permissions, we add the record
        if (kb_record.get(kb_id) && kb_record.canRead()) {
          acl_table_users_record.query();

          // If the record is not already in the table, we add it
          if (!acl_table_users_record.next()) {
            acl_table_users_record.initialize();
            acl_table_users_record.u_table = kb_id;
            acl_table_users_record.u_user = user_name;
            acl_table_users_record.insert();
          }
        }
        // If the user has no permissions, we try to remove the record
        else {
          acl_table_users_record.deleteMultiple();
        }
      }
    } finally {
      // Always restore the original user, even if a lookup above throws,
      // so the job never continues under an impersonated identity
      gs.getSession().impersonate(adminUser);
    }
  }
}


  • Now click on the “Submit” button.



  • Congratulations! Your ServiceNow server is now configured to be used with the Aspire ServiceNow connector. The connector will be able to query the table 'u_acl_table_users' using the Knowledge Base ID that every crawled document has. The result is a list of users with read permissions for that Knowledge Base.
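
The lookup described above, as an added example for checking the job's output (it is not the Aspire connector's code): it builds a ServiceNow REST Table API request for 'u_acl_table_users' from a Knowledge Base sys_id and parses the response, rejecting malformed IDs and response bodies. The instance URL, sample sys_ids and user names are constructed, and the example assumes the table is readable through the Table API by the account in use.

```javascript
// A ServiceNow sys_id is 32 lowercase hexadecimal characters.
const SYS_ID = /^[0-9a-f]{32}$/;

// Build the lookup URL for one Knowledge Base. The sys_id is validated first
// because '^' is the encoded-query separator: an unchecked value could append
// extra conditions and widen the result set.
function buildAclQueryUrl(instanceUrl, kbId) {
  if (!SYS_ID.test(kbId)) {
    throw new Error('kbId is not a 32-character hex sys_id');
  }
  const url = new URL('/api/now/table/u_acl_table_users', instanceUrl);
  if (url.protocol !== 'https:') {
    throw new Error('instance URL must use https');
  }
  url.searchParams.set('sysparm_query', 'u_table=' + kbId);
  url.searchParams.set('sysparm_fields', 'u_table,u_user');
  return url.toString();
}

// Turn a Table API response body into a sorted, de-duplicated user list.
// Rows for another KB or without a user are dropped; a body without a
// "result" array is an error, so a broken response never yields an ACL.
function parseAclUsers(body, kbId) {
  const parsed = JSON.parse(body);
  if (!parsed || !Array.isArray(parsed.result)) {
    throw new Error('unexpected response shape');
  }
  const users = new Set();
  for (const row of parsed.result) {
    if (row.u_table === kbId && typeof row.u_user === 'string' && row.u_user) {
      users.add(row.u_user);
    }
  }
  return [...users].sort();
}

// Constructed sample data (not taken from a real instance).
const SAMPLE_KB = '0123456789abcdef0123456789abcdef';
const SAMPLE_BODY = JSON.stringify({ result: [
  { u_table: SAMPLE_KB, u_user: 'bob' },
  { u_table: SAMPLE_KB, u_user: 'alice' },
  { u_table: SAMPLE_KB, u_user: 'alice' }, // duplicate row
  { u_table: 'ffffffffffffffffffffffffffffffff', u_user: 'carol' }, // other KB
  { u_table: SAMPLE_KB, u_user: '' }, // empty user
] });

console.log(buildAclQueryUrl('https://instance.example', SAMPLE_KB));
console.log(parseAclUsers(SAMPLE_BODY, SAMPLE_KB));
```
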


