Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to grant table access to a service account in ServiceNow. The process involves creating a role, assigning it to a user, and configuring row-level and field-level access controls.
Prerequisites
- Ensure you have admin access in ServiceNow.
- Elevate to the
security_admin
role to make changes to Access Control Lists (ACLs).
Get started
Create a user
- Navigate to User Administration > Users.
- Click New to create a new user.
- Fill in the user details, such as
microsoft.copilot
for the User ID andMicrosoft
andCopilot
for the First Name and Last Name respectively. - Click Submit to save the user.
Create a role
- Navigate to User Administration > Roles.
- Click New.
- Enter a unique name for the role (e.g.,
Copilot connector account
). - Click Submit to save the role.
Assign the role to a user
- Navigate to User Administration > Users.
- Open the user record for the intended user (e.g.,
Microsoft Copilot
). - In the Roles related list, click Edit.
- Add the newly created role (
Microsoft Graph Connector Account
). - Click Save to finalize the assignment.
- Click on Update to update the user record.
Grant row-level access
To grant access to rows within a specific table, follow these steps:
- Elevate to the
security_admin
role. - Navigate to System Security > Access Control (ACL).
- Click New to create a new ACL record.
- Fill in the following fields:
- Type: Select record.
- Operation: Choose the 'read' operation.
- Name: Enter the table name (e.g.,
sys_dictionary
).
- In the Roles section, add the previously created role (
Microsoft Graph Connector Account
). - Click Submit to save the ACL.
Verification
- Impersonate the user (e.g.,
Microsoft Copilot
). - Access the target table (e.g.,
sys_dictionary
) and confirm that rows are visible. You will notice that though the user can view the rows, the field values are not visible. To grant field-level access, proceed to the next step.
Grant field-level access
If the user can view rows but not field values, field-level access must be configured.
- Navigate to System Security > Access Control (ACL).
- Click New to create a new ACL record.
- Fill in these fields:
- Type: Select record.
- Operation: Choose the 'read' operation.
- Name: Enter the table name (e.g.,
sys_dictionary
) and use*
in the field name to apply to all fields.
- In the Roles section, add the previously created role (
Microsoft Graph Connector Account
). - Click Submit to save the ACL.
Final verification
- Impersonate the user (e.g.,
Microsoft Copilot
). - Confirm that both rows and field values within the target table are now visible.
By following these steps, you have successfully granted table access to a service account in ServiceNow.