To crawl the identities (ACLs) for Salesforce objects, include the queries for the following tables (in the queries file or each individual,
For example:
Profile=SELECT Id, Name, PermissionsEmailSingle, PermissionsEmailMass, PermissionsEditTask, PermissionsEditEvent, PermissionsExportReport, PermissionsImportPersonal, PermissionsManageUsers, PermissionsEditPublicTemplates, PermissionsModifyAllData, PermissionsManageCases, PermissionsManageCustomPermissions, PermissionsManageUnlistedGroups, UserLicenseId, UserType, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, Description, LastViewedDate, LastReferencedDate, UserLicense.Name, CreatedBy.Name, LastModifiedBy.Name FROM Profile
User=SELECT Id, Username, LastName, FirstName, Name, CompanyName, Division, Department, Title, Street, City, State, PostalCode, Country, Latitude, Longitude, Email, EmailPreferencesAutoBcc, EmailPreferencesAutoBccStayInTouch, EmailPreferencesStayInTouchReminder, SenderEmail, SenderName, Signature, StayInTouchSubject, StayInTouchSignature, StayInTouchNote, Phone, Fax, MobilePhone, Alias, CommunityNickname, IsActive, TimeZoneSidKey, UserRoleId, LocaleSidKey, ReceivesInfoEmails, ReceivesAdminInfoEmails, EmailEncodingKey, ProfileId, UserType, LanguageLocaleKey, EmployeeNumber, DelegatedApproverId, ManagerId, LastLoginDate, DefaultGroupNotificationFrequency, LastViewedDate, LastReferencedDate, UserRole.Name, Profile.Name, Manager.Name, Contact.Name FROM User
Group=SELECT Id, Name, DeveloperName, RelatedId, Type, Email, OwnerId, DoesSendEmailToMembers, DoesIncludeBosses, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, Owner.Name, CreatedBy.Name, LastModifiedBy.Name, Related.Name FROM Group
User=SELECT Id, Username, LastName, FirstName, Name, CompanyName, Division, Department, Title, Street, City, State, PostalCode, Country, Latitude, Longitude, Email, UserRoleId, EmployeeNumber, DelegatedApproverId, ManagerId, LastLoginDate, LastPasswordChangeDate, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, OfflineTrialExpirationDate, OfflinePdaTrialExpirationDate, UserPermissionsMarketingUser, UserPermissionsOfflineUser, UserPermissionsCallCenterAutoLogin, UserPermissionsMobileUser, UserPermissionsSFContentUser, UserPermissionsKnowledgeUser, UserPermissionsInteractionUser, UserPermissionsSupportUser, UserPermissionsSiteforceContributorUser, DefaultGroupNotificationFrequency, LastViewedDate, LastReferencedDate, UserRole.Name, Profile.Name, Manager.Name, Contact.Name FROM User
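The queries file is a list of `Key=SOQL` lines like the ones above. As an added example (not the connector's own code), this checker parses such a file and flags entries worth catching before a crawl: a key that does not name the object it selects from, a query that omits Id, and a duplicated key (the list above contains two User entries). The rule that every identity query must select Id is my assumption, based on every query above doing so; the sample file is constructed and shortened from the page's queries.

```javascript
// Added example, not part of the Aspire connector: validate the
// "Key=SELECT ... FROM Object" lines of the identity queries file.
// Assumed rules: one query per line, key before the first '=', the key must
// name the FROM object, keys must be unique, and Id must be selected.
const SAMPLE_QUERIES = [
  'Profile=SELECT Id, Name, UserLicenseId, UserLicense.Name FROM Profile',
  'User=SELECT Id, Username, ProfileId, Profile.Name FROM User',
  'Group =SELECT Id, Name, Type, OwnerId, Owner.Name FROM Group',
  'User =SELECT Id, Username, UserRoleId, UserRole.Name FROM User',
  'Role=SELECT Name FROM UserRole',
].join('\n'); // constructed sample, shortened from the page's queries

function parseQueryLine(line) {
  const eq = line.indexOf('=');
  if (eq < 0) return { error: "missing '='" };
  const key = line.slice(0, eq).trim();
  const m = /^SELECT\s+(.+?)\s+FROM\s+(\w+)$/i.exec(line.slice(eq + 1).trim());
  if (!m) return { key, error: 'not of the form SELECT ... FROM Object' };
  const fields = m[1].split(',').map((f) => f.trim()).filter(Boolean);
  return { key, object: m[2], fields };
}

// Returns the parsed queries (keyed by their Key) and a list of problems.
function validateQueriesFile(text) {
  const problems = [];
  const queries = new Map();
  text.split('\n').forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith('#')) return; // blank or comment line
    const q = parseQueryLine(line);
    const where = `line ${i + 1}`;
    if (q.error) { problems.push(`${where}: ${q.error}`); return; }
    if (q.key.toLowerCase() !== q.object.toLowerCase())
      problems.push(`${where}: key '${q.key}' does not match object '${q.object}'`);
    if (!q.fields.some((f) => f.toLowerCase() === 'id'))
      problems.push(`${where}: ${q.key} does not select Id`);
    if (queries.has(q.key)) problems.push(`${where}: duplicate key '${q.key}'`);
    else queries.set(q.key, q);
  });
  return { queries, problems };
}
```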
This section describes how to configure a ServiceNow Salesforce server to allow the Aspire ServiceNow Salesforce connector to retrieve security ACLs (Using Knowledge Base security).
To follow the steps in this guide, a user with enough permissions to create custom tables and scheduled jobs in the ServiceNow Salesforce server is required.
Two tables are required for the configuration of the server: an “ACL Tables” table and an “ACL Table Users” table:
A script is needed to populate the ACL tables and keep them updated. This script runs as a ServiceNow Salesforce Scheduled Job:
Scheduled Job Creation

```javascript
// Retrieve all active Knowledge Bases
var kbs_record = new GlideRecord('kb_knowledge_base');
kbs_record.addQuery('active', true);
kbs_record.query();

// The admin user is stored so it can be restored after each impersonation
var adminUser = gs.getSession().getUserName().toString();
var user_record = null;
var kb_record = null;
var acl_tables_record = null;
var acl_table_users_record = null;
var kb_id = null;

// Each KB is inserted in the ACL Tables table
while (kbs_record.next()) {
  kb_id = kbs_record.sys_id.toString();
  // A fresh GlideRecord per lookup, so addQuery conditions from earlier
  // iterations do not accumulate on the same object
  acl_tables_record = new GlideRecord('u_acl_tables');
  acl_tables_record.addQuery('u_table', kb_id);
  acl_tables_record.query();
  // If the knowledge base record is not on the table, we add it
  if (!acl_tables_record.next()) {
    acl_tables_record.initialize();
    acl_tables_record.u_table = kb_id;
    acl_tables_record.insert();
  }

  // For each KB, we verify whether each active user is allowed to read it.
  // If so, a record is inserted in the ACL Table Users table
  user_record = new GlideRecord('sys_user');
  user_record.addQuery('active', true);
  user_record.query();
  while (user_record.next()) {
    var userName = user_record.user_name.toString();
    if (!gs.getSession().impersonate(userName)) {
      continue; // impersonation failed: leave this user's records untouched
    }
    // canRead() is evaluated as the impersonated user, so the KB ACLs apply
    kb_record = new GlideRecord('kb_knowledge_base');
    var canRead = kb_record.get(kb_id) && kb_record.canRead();
    // Restore the admin session before writing, so the custom table's own
    // ACLs do not block the insert or delete
    gs.getSession().impersonate(adminUser);

    acl_table_users_record = new GlideRecord('u_acl_table_users');
    acl_table_users_record.addQuery('u_table', kb_id);
    acl_table_users_record.addQuery('u_user', userName);
    if (canRead) {
      acl_table_users_record.query();
      // If the record is not already in the table, we add it
      if (!acl_table_users_record.next()) {
        acl_table_users_record.initialize();
        acl_table_users_record.u_table = kb_id;
        acl_table_users_record.u_user = userName;
        acl_table_users_record.insert();
      }
    } else {
      // If the user has no permission, remove any existing record
      acl_table_users_record.deleteMultiple();
    }
  }
}
```
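The scheduled job above only visits active users, so a row in the ACL Table Users table for a user who has since been deactivated is never removed, and the crawler would keep treating that user as a reader. As an added example (not the page's script), the following pure function computes the full desired state of that table from constructed inputs and returns the inserts and deletes to apply, which also clears those stale rows; `canRead` is a constructed stand-in for the `kb_record.canRead()` result obtained under impersonation.

```javascript
// Added example, not the page's scheduled job: offline reconciliation of
// u_acl_table_users. All inputs below are constructed for the example.
const SAMPLE_USERS = [
  { user_name: 'alice', active: true },
  { user_name: 'bob', active: true },
  { user_name: 'carol', active: false }, // deactivated since the last run
];
const SAMPLE_KBS = [
  { sys_id: 'kb1', active: true },
  { sys_id: 'kb2', active: true },
  { sys_id: 'kb3', active: false }, // retired KB, must not be granted
];
// Stand-in for kb_record.canRead() evaluated as each user (constructed).
const SAMPLE_CAN_READ = { alice: ['kb1', 'kb2'], bob: ['kb1', 'kb3'], carol: ['kb1'] };
// Current rows of u_acl_table_users (constructed).
const SAMPLE_EXISTING = [
  { u_table: 'kb1', u_user: 'alice' }, // still valid
  { u_table: 'kb1', u_user: 'carol' }, // stale: carol is inactive
  { u_table: 'kb2', u_user: 'bob' },   // bob no longer reads kb2
];

// Returns { insert: [...], delete: [...] } of { u_table, u_user } rows so that
// the table ends up holding exactly the (active KB, active reader) pairs.
function planAclTableUsers(users, kbs, canRead, existing) {
  const desired = new Set();
  for (const kb of kbs) {
    if (!kb.active) continue;
    for (const u of users) {
      const readable = canRead[u.user_name] || [];
      if (u.active && readable.includes(kb.sys_id)) {
        desired.add(`${kb.sys_id}|${u.user_name}`);
      }
    }
  }
  const current = new Set(existing.map((r) => `${r.u_table}|${r.u_user}`));
  const toRow = (k) => {
    const [u_table, u_user] = k.split('|');
    return { u_table, u_user };
  };
  return {
    insert: [...desired].filter((k) => !current.has(k)).map(toRow),
    delete: [...current].filter((k) => !desired.has(k)).map(toRow),
  };
}
```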