This section describes how to configure a ServiceNow server to allow the Aspire ServiceNow connector to retrieve security ACLs.
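To follow the steps in this guide, you need a ServiceNow user with sufficient permissions to create custom tables and scheduled jobs on the ServiceNow server. The script below also impersonates every active user in order to evaluate that user's read access, so the account the scheduled job runs as must be allowed to impersonate; treat it as a highly privileged account and limit who can edit the job.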
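Two tables are required for the configuration of the server: an “ACL Tables” table and an “ACL Table Users” table. The script below refers to them as u_acl_tables (column u_table) and u_acl_table_users (columns u_table and u_user):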
A script is needed to populate the ACL tables and keep them up to date. This script is run by a ServiceNow Scheduled Job:
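// Populates the two ACL lookup tables used by this guide:
//   u_acl_tables      - one row per active knowledge base (u_table = KB sys_id)
//   u_acl_table_users - one row per (knowledge base, user) pair that can read it
// Read access is evaluated by impersonating each active user and calling
// canRead() on the knowledge base record.
//
// NOTE(review): only active knowledge bases and active users are visited, so
// rows that belong to a user or knowledge base that has since been deactivated
// are never removed by this script. Confirm whether the consumer of these
// tables ignores such rows, or add a cleanup pass.

// Admin user is stored to restore it after impersonations
var adminUser = gs.getSession().getUserName().toString();

// Adds the knowledge base to u_acl_tables if it is not listed yet.
// A fresh GlideRecord is used for every lookup so that query conditions from
// a previous knowledge base cannot carry over into this one.
function ensureAclTableRow(kbId) {
    var lookup = new GlideRecord('u_acl_tables');
    lookup.addQuery('u_table', kbId);
    lookup.query();
    if (!lookup.next()) {
        var row = new GlideRecord('u_acl_tables');
        row.initialize();
        row.u_table = kbId;
        row.insert();
    }
}

// Returns true/false for "userName can read the knowledge base", or null when
// the impersonation did not succeed (the existing row is then left untouched).
// The session is impersonated only for the duration of the permission check
// and is restored in a finally block, so an exception thrown during the check
// cannot leave the job running as an ordinary user.
// NOTE(review): a falsy return from impersonate() is treated as failure, as in
// the original script; confirm what impersonate() returns on your release.
function canUserReadKb(userName, kbId) {
    var impersonateSuccess = gs.getSession().impersonate(userName);
    try {
        if (!impersonateSuccess) {
            return null;
        }
        var kb = new GlideRecord('kb_knowledge_base');
        return !!(kb.get(kbId) && kb.canRead());
    } finally {
        gs.getSession().impersonate(adminUser);
    }
}

// Brings the (knowledge base, user) row in u_acl_table_users in line with the
// access decision. Runs after the admin session has been restored, so the
// writes to the ACL table are not performed under the impersonated identity.
function syncAclTableUserRow(kbId, userName, canRead) {
    var lookup = new GlideRecord('u_acl_table_users');
    lookup.addQuery('u_table', kbId);
    lookup.addQuery('u_user', userName);
    if (canRead) {
        lookup.query();
        // If the record is not already in the table, we add it
        if (!lookup.next()) {
            var row = new GlideRecord('u_acl_table_users');
            row.initialize();
            row.u_table = kbId;
            row.u_user = userName;
            row.insert();
        }
    } else {
        // The user has no permissions: remove any existing record
        lookup.deleteMultiple();
    }
}

// Retrieve all active Knowledge Bases
var kbs_record = new GlideRecord('kb_knowledge_base');
kbs_record.addQuery('active', true);
kbs_record.query();

try {
    while (kbs_record.next()) {
        var kb_id = kbs_record.sys_id.toString();

        // Each KB is inserted in the ACL Tables table
        ensureAclTableRow(kb_id);

        // For each KB, check every active user's read access
        var user_record = new GlideRecord('sys_user');
        user_record.addQuery('active', true);
        user_record.query();
        while (user_record.next()) {
            var user_name = user_record.user_name.toString();
            var canRead = canUserReadKb(user_name, kb_id);
            if (canRead === null) {
                // Impersonation failed: access is unknown, keep the current state
                continue;
            }
            syncAclTableUserRow(kb_id, user_name, canRead);
        }
    }
} finally {
    // Last line of defence: never leave the session impersonating a user
    gs.getSession().impersonate(adminUser);
}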
---|