This section describes how to configure a ServiceNow server to allow the Aspire ServiceNow connector to retrieve security ACLs (Using Knowledge Base security).
To follow the steps in this guide, a user with enough permissions to create custom tables and scheduled jobs in the ServiceNow server is required.
Two tables are required for the configuration of the server: an “ACL Tables” table and an “ACL Table Users” table:
Log in to your ServiceNow server instance. Under “System Definition”, select the option “Tables”.
In the “Tables” page, click on “New” again.
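We need a script to fill the ACL tables and keep them updated. This script is run as a ServiceNow Scheduled Job. Because it impersonates each active user to test read access, the job must run under an account that is allowed to impersonate other users, and the tables are only as current as the job's last run: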
Scheduled Job Creation
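// Scheduled-job script: fills and refreshes the two custom ACL tables.
//   u_acl_tables      - one row per active knowledge base (u_table = KB sys_id)
//   u_acl_table_users - one row per (knowledge base, user name) pair that passes canRead()
//
// The script impersonates every active user in turn, so it has to run under an
// account that is allowed to impersonate (called the admin user below).
// NOTE(review): the rows written here act as read entitlements for whatever
// consumes these tables, so write access to both tables should be limited to
// this job - confirm the table ACLs.
// NOTE(review): only active knowledge bases and active users are visited, so rows
// belonging to a knowledge base or user deactivated since an earlier run are never
// revisited or removed by this script - confirm the consumer ignores them.

// Retrieve all active Knowledge Bases
var kbs_record = new GlideRecord('kb_knowledge_base');
kbs_record.addQuery('active', true);
kbs_record.query();

// Admin user is stored to restore the session after each impersonation
var adminUser = gs.getSession().getUserName().toString();

var user_record = null;
var kb_record = null;
var acl_tables_record = null;
var acl_table_users_record = null;
var kb_id = null;
var user_name = null;
var canRead = false;
var impersonateSuccess = false;

// Each KB is inserted in the ACL Tables table
while (kbs_record.next()) {
    kb_id = kbs_record.sys_id.toString();

    // A fresh GlideRecord per lookup, so that query conditions from a previous
    // iteration cannot carry over into this one
    acl_tables_record = new GlideRecord('u_acl_tables');
    acl_tables_record.addQuery('u_table', kb_id);
    acl_tables_record.query();

    // If the knowledge base record is not on the table, we add it
    if (!acl_tables_record.next()) {
        acl_tables_record.initialize();
        acl_tables_record.u_table = kb_id;
        acl_tables_record.insert();
    }

    // For each KB, we verify whether each active user is allowed to read it
    user_record = new GlideRecord('sys_user');
    user_record.addQuery('active', true);
    user_record.query();

    while (user_record.next()) {
        // Copy the value: the GlideElement changes as the cursor advances
        user_name = user_record.user_name.toString();
        canRead = false;
        impersonateSuccess = false;

        // Only the permission check runs as the impersonated user. The finally
        // block restores the admin session even if the check throws, so the rest
        // of the job never continues under another user's identity.
        try {
            impersonateSuccess = gs.getSession().impersonate(user_name);
            if (impersonateSuccess) {
                kb_record = new GlideRecord('kb_knowledge_base');
                canRead = kb_record.get(kb_id) && kb_record.canRead();
            }
        } finally {
            gs.getSession().impersonate(adminUser);
        }

        // Without a successful impersonation nothing is known about this user's
        // access, so the existing rows are left untouched
        if (!impersonateSuccess) {
            continue;
        }

        // Table maintenance is done after the admin session has been restored
        acl_table_users_record = new GlideRecord('u_acl_table_users');
        acl_table_users_record.addQuery('u_table', kb_id);
        acl_table_users_record.addQuery('u_user', user_name);

        if (canRead) {
            // If the user has permissions and the record is not already in the table, we add it
            acl_table_users_record.query();
            if (!acl_table_users_record.next()) {
                acl_table_users_record.initialize();
                acl_table_users_record.u_table = kb_id;
                acl_table_users_record.u_user = user_name;
                acl_table_users_record.insert();
            }
        } else {
            // If the user has no permissions, any matching record is removed
            acl_table_users_record.deleteMultiple();
        }
    }
}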