ServiceNow Connector Prerequisites

Connector Requirements

Features Supported Additional Information
ServiceNow version Yes
Searchable content types Yes All content types.
Content Update Full and Incremental
Attachment support Knowledge articles, Announcements
Permission Types

Required Software
  • Windows Server
    • IIS
  • .NET Framework v4.7.2



User Accounts and Application Permissions

Required Permission Description
ServiceNow User Accounts

The ServiceNow connector requires:

  • Username and password of a ServiceNow account to access the content to be indexed.
  • Access to other information in ServiceNow, such as the available:
    • Users
    • Groups
    • Metadata
  • Note: The time zone for the user account must be set to UTC. See "Setting the User Account's Time Zone" topic below.
Security

The user account specified above must have access to the following resources:

  • announcement
  • cmn_cost_center
  • cmn_department
  • cmn_location
  • core_company
  • incident
  • kb_knowledge
  • kb_knowledge_base
  • kb_uc_can_contribute_mtom
  • kb_uc_can_read_mtom
  • b_uc_cannot_contribute_mtom
  • kb_uc_cannot_read_mtom
  • sc_cat_item
  • sc_cat_item_user_criteria_mtom
  • sc_cat_item_user_criteria_no_mtom
  • sc_catalog
  • sc_category
  • sc_req_item
  • sc_request
  • sn_hr_core_m2m_condition_criteria
  • sys_attachment
  • sys_attachment_doc
  • sys_audit_delete
  • sys_dictionary
  • sys_group_has_role
  • sys_user
  • sys_user_grmember
  • sys_user_group
  • sys_user_has_role
  • sys_user_role_contains
  • user_criteria

ServiceNow Setup for the Connector

Account Permissions

To complete the setup process, you:

  • Create an account for the BA Insight ServiceNow Connector
  • Apply user permissions to it in ServiceNow

Use the following instructions to complete the account and permission setup process.

  1. In ServiceNow, tables the account can read can be selected, and permissions given to the Connector to read the entries in the roles table (without being Admins): this is a requirement for reading the security.
  2. However, in ServiceNow the rules go to the record level.
    1. "AFAIK," by default, has an ADMIN role with a special rule declaring it must not appear – this must be overridden and declared, so the Connector account can read it.
      See the following code:


By default, the condition declares:

  • ADMIN role: Seen only by users who are members of the ADMIN role.
  • SECURITY_ADMIN role: Seen only by users who are members of the SECURITY_ADMIN role.
  • MAINT role and NOBODY role: Seen only by users who are members of the MAINT role.
  • All other roles are seen by users as they are configured in the rules.

The condition must be changed. To change it, use the following instructions:

  1. Rule is defined by default in the tenancy – in the System Security > Access Control List page:



  2. Next, Elevate roles to SecurityAdmin privileges so that you can edit the record.


  3. Edit the script of the record and ensure the user name is same one the connector uses and is returned as "true".


  4. Alternatively:
    1. Remove the script all together

      or

    2. Add another line at the top of the script:

      if(gs.getUserID() == “The connector user sys_id”)
    answer = true
else ….<the original snippet> ….

      More available functions here: https://www.servicenowguru.com/scripting/user-object-cheat-sheet/

Setting the User Account's Time Zone

For the connector to properly enumerate content, the user account must be assigned the UTC time zone.

To assign the UTC time zone to the user:

  1. Go to the sys_user table.
  2. Edit the service account user profile.
  3. If the Time Zone field does not appear in the view, edit the view and add the field.
  4. Set the Time Zone field to "UTC" and save the changes.