
Introduction

This section describes how to configure a ServiceNow server to allow the Aspire ServiceNow connector to retrieve security ACLs (using Knowledge Base security).

To follow the steps in this guide, a user with enough permissions to create custom tables and scheduled jobs in the ServiceNow server is required.

Custom Tables Creation

Two tables are required for the configuration of the server: an “ACL Tables” table and an “ACL Table Users” table:

  • Log in to your ServiceNow server instance.
  • In the “Filter Navigator” write the word “Tables”.
  • Under “System Definition”, select the option “Tables”.
  • In the “Tables” page, click on “New”.
  • In the “Tables – New Record” page, specify “ACL Tables” as the label of the table. The system will automatically assign the name of the table to “u_acl_tables”. It is essential that the name of this table be exactly that name, so please double-check it.
  • At the bottom of “Tables – New Record”, insert a new column with the name “Table”. Set “Type” to “String” and the “Display” value to “true”, then click the “Submit” button.
  • Back to the “Tables” page, browse to the newly created “ACL Tables” table and set its “Extensible” attribute to “true”.
  • In the “Tables” page, click on “New” again.
  • In the “Tables – New Record” page, specify “ACL Table Users” as the label of the table. The system will automatically assign the name of the table to “u_acl_table_users”. It is critical that the name of this table be exactly that name, so please double-check this one as well.
  • In the “Extends Table” option, browse and select the table we created previously (“ACL Tables”).
  • At the bottom of “Tables – New Record”, insert a new column with the name “User”. Set “Type” to “String” and the “Display” value to “true”, then click the “Submit” button.
  • You should now have two tables in the “Tables” page: “ACL Tables” and “ACL Table Users”. Verify the details circled in red and continue.

Scheduled Job Creation

We need a script to fill the ACL tables and keep them updated. This script will be run with a ServiceNow Scheduled Job:

  • Go back to the “Filter Navigator” and write “Scheduled Jobs”.
  • Under “System Definition”, select the option “Scheduled Jobs”.
  • On the “Scheduled Jobs” page, click on “New”.
  • On the “Automation Creator” page, select the option “Automatically run a script of your choosing”.
  • On the “Scheduled Script Execution – New Record” page, specify a name for the job and set a schedule according to your needs or the needs of your client. The script may be a long-running script, so plan accordingly.
  • In the “Run this script” section, copy and paste the following script:
    // Retrieve all Knowledge Bases
    
    var kbs_record = new GlideRecord('kb_knowledge_base');
    kbs_record.addQuery('active',true);
    kbs_record.query();
    
    // Admin user is stored to restore it after impersonations
    var adminUser = gs.getSession().getUserName().toString();
    
    var user_record = null;
    var kb_record = null;
    
    var acl_tables_record = new GlideRecord('u_acl_tables');
    var acl_table_users_record =  new GlideRecord('u_acl_table_users');
    
    var kb_id = null;
    
    // Each KB is inserted in the ACL Tables table
    while(kbs_record.next()) {    
      kb_id = kbs_record.sys_id.toString();
      acl_tables_record.initialize();
      acl_tables_record.addQuery('u_table', kb_id);
      acl_tables_record.query();
    
      // If the knowledge base record is not on the table, we add it
      if (!acl_tables_record.next()){
        acl_tables_record.u_table = kb_id;
        acl_tables_record.insert();
      }
      
      // For each KB, we verify if users are allowed to access it. 
      // If they do, a record is inserted in the ACL Table Users table
      user_record = new GlideRecord('sys_user');
      user_record.addQuery('active',true);
      user_record.query();
    
      while(user_record.next()) {
        var impersonateSuccess = gs.getSession().impersonate(user_record.user_name);
        
        if (impersonateSuccess){
          kb_record = new GlideRecord('kb_knowledge_base');
          
          acl_table_users_record.initialize();
          acl_table_users_record.addQuery('u_table', kb_id);
          acl_table_users_record.addQuery('u_user', user_record.user_name);
    
          // If the user has permissions, we add the record
          if (kb_record.get(kb_id) && kb_record.canRead()) {
            acl_table_users_record.query();
    
            // If the record is not already in the table, we add it
            if (!acl_table_users_record.next())
            {
              acl_table_users_record.u_table = kb_id;
              acl_table_users_record.u_user = user_record.user_name;
              acl_table_users_record.insert();
            }
          }
    
          // If the user has no permissions, we try to remove the record
          else
          {
            acl_table_users_record.deleteMultiple();
          }
        }
    
        gs.getSession().impersonate(adminUser);
      }
    }
  • Now click on the “Submit” button.
  • Congratulations! Your ServiceNow server is now configured to be used with our ServiceNow connector. The connector will be able to query the table 'u_acl_table_users' using the Knowledge Base ID that every crawled document has; the result is a list of users with read permissions for that Knowledge Base.
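
An added Node.js example, not part of the original guide or the connector's code: it builds the per-Knowledge-Base lookup described above and audits exported `u_acl_table_users` rows. The scheduled script only loops over active Knowledge Bases and active users, so a row for a user or Knowledge Base deactivated later is never removed; `findStaleRows` flags those rows. The instance URL, helper names and sample rows are constructed, and querying through the REST Table API is an assumption about how a client could read the table.

```javascript
// Added example (not from the original guide). Field names u_table and u_user
// come from the guide's script; helper names and sample data are constructed.

// Build a ServiceNow Table API URL listing the users recorded for one KB.
function buildAclQueryUrl(instanceUrl, kbSysId) {
  // sys_ids are 32 hex characters; refuse anything else so the value cannot
  // add conditions (such as "^OR...") to the encoded query.
  if (!/^[0-9a-f]{32}$/.test(kbSysId)) {
    throw new Error('not a sys_id: ' + kbSysId);
  }
  const params = new URLSearchParams({
    sysparm_query: 'u_table=' + kbSysId,
    sysparm_fields: 'u_user',
  });
  return instanceUrl.replace(/\/+$/, '') +
    '/api/now/table/u_acl_table_users?' + params.toString();
}

// Flag rows the scheduled script never revisits: it loops over active KBs and
// active users only, so a grant for a later-deactivated user or KB stays put.
function findStaleRows(aclRows, activeUsers, activeKbs) {
  const users = new Set(activeUsers);
  const kbs = new Set(activeKbs);
  const stale = [];
  for (const row of aclRows) {
    if (!kbs.has(row.u_table)) {
      stale.push({ ...row, reason: 'inactive knowledge base' });
    } else if (!users.has(row.u_user)) {
      stale.push({ ...row, reason: 'inactive user' });
    }
  }
  return stale;
}

// Constructed sample data standing in for a table export.
const KB_A = 'a'.repeat(32);
const KB_B = 'b'.repeat(32);
const sampleRows = [
  { u_table: KB_A, u_user: 'alice' },
  { u_table: KB_A, u_user: 'bob' },   // bob was deactivated after the grant
  { u_table: KB_B, u_user: 'alice' }, // KB_B was retired after the grant
];

console.log(buildAclQueryUrl('https://instance.example/', KB_A));
console.log(findStaleRows(sampleRows, ['alice'], [KB_A]));
```

Rows reported as stale should be removed from `u_acl_table_users` before the next crawl so that the index does not keep granting read access to them.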

    ...


    In order to crawl the identities (ACLs) for Salesforce objects, you have to include the queries for the following tables (in the queries file or each individual, 

    • User
    • Profile
    • PermissionSet
    • Group 

    For example:

    Profile=SELECT Id, Name, PermissionsEmailSingle, PermissionsEmailMass, PermissionsEditTask, PermissionsEditEvent, PermissionsExportReport, PermissionsImportPersonal, PermissionsManageUsers, PermissionsEditPublicTemplates, PermissionsModifyAllData, PermissionsManageCases, PermissionsManageCustomPermissions, PermissionsManageUnlistedGroups, UserLicenseId, UserType, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, Description, LastViewedDate, LastReferencedDate, UserLicense.Name, CreatedBy.Name, LastModifiedBy.Name FROM Profile

    User=SELECT Id, Username, LastName, FirstName, Name, CompanyName, Division, Department, Title, Street, City, State, PostalCode, Country, Latitude, Longitude, Email, EmailPreferencesAutoBcc, EmailPreferencesAutoBccStayInTouch, EmailPreferencesStayInTouchReminder, SenderEmail, SenderName, Signature, StayInTouchSubject, StayInTouchSignature, StayInTouchNote, Phone, Fax, MobilePhone, Alias, CommunityNickname, IsActive, TimeZoneSidKey, UserRoleId, LocaleSidKey, ReceivesInfoEmails, ReceivesAdminInfoEmails, EmailEncodingKey, ProfileId, UserType, LanguageLocaleKey, EmployeeNumber, DelegatedApproverId, ManagerId, LastLoginDate, DefaultGroupNotificationFrequency, LastViewedDate, LastReferencedDate, UserRole.Name, Profile.Name, Manager.Name, Contact.Name FROM User

    Group =SELECT Id, Name, DeveloperName, RelatedId, Type, Email, OwnerId, DoesSendEmailToMembers, DoesIncludeBosses, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, Owner.Name, CreatedBy.Name, LastModifiedBy.Name, Related.Name FROM Group

    User =SELECT Id, Username, LastName, FirstName, Name, CompanyName, Division, Department, Title, Street, City, State, PostalCode, Country, Latitude, Longitude, Email, UserRoleId, EmployeeNumber, DelegatedApproverId, ManagerId, LastLoginDate, LastPasswordChangeDate, CreatedDate, CreatedById, LastModifiedDate, LastModifiedById, SystemModstamp, OfflineTrialExpirationDate, OfflinePdaTrialExpirationDate, UserPermissionsMarketingUser, UserPermissionsOfflineUser, UserPermissionsCallCenterAutoLogin, UserPermissionsMobileUser, UserPermissionsSFContentUser, UserPermissionsKnowledgeUser, UserPermissionsInteractionUser, UserPermissionsSupportUser, UserPermissionsSiteforceContributorUser, DefaultGroupNotificationFrequency, LastViewedDate, LastReferencedDate, UserRole.Name, Profile.Name, Manager.Name, Contact.Name FROM User