ServiceNow Connector Prerequisites

Connector Requirements

Features Supported Additional Information
ServiceNow version Yes
Searchable content types Yes All content types.
Content Update Full and Incremental
Attachment support Knowledge articles, Announcements
Permission Types

Required Software
  • Windows Server
    • IIS
  • .NET Framework v4.7.2



User Accounts and Application Permissions

Required Permission Description
ServiceNow User Accounts

The ServiceNow connector requires the following:

Note: The time zone for the user account must be set to UTC.
See the "Setting the User Account's Time Zone" topic below.
Security

The user account specified above must have access to the following resources:

  • announcement
  • incident
  • kb_article_template
  • kb_knowledge
  • kb_knowledge_base
  • kb_uc_can_contribute_mtom
  • kb_uc_can_read_mtom
  • kb_uc_cannot_contribute_mtom
  • kb_uc_cannot_read_mtom
  • sc_cat_item
  • sc_cat_item_user_criteria_mtom
  • sc_cat_item_user_criteria_no_mtom
  • sc_catalog
  • sc_category
  • sc_req_item
  • sc_request
  • sys_attachment
  • sys_attachment_doc
  • sys_audit_delete
  • sys_db_object
  • sys_dictionary
  • sys_group_has_role
  • sys_properties
  • sys_user
  • sys_user_grmember
  • sys_user_group
  • sys_user_has_role
  • sys_user_role_contains
  • user_criteria
Scripted REST API

Permissions for knowledge templates

If you are using Knowledge Template tables, the user account also requires read permissions on them. These tables may or may not exist in your installation, so the templates that are deployed and enabled cannot be listed in the permissions table above. To determine which tables are in use and require permissions, run the following query: /api/now/table/kb_article_template?sysparm_fields=child_table. Grant read access to every child_table returned.
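
One way to turn the result of that query into a checklist, as an added example that is not part of the BA Insight documentation: it merges the fixed tables listed above with the child_table values in the response and reports which ones still lack a read grant. The function names, the table-name pattern, the sample response and the granted list are assumptions constructed for illustration.

```javascript
// Added example: read-access checklist for the connector account.
// REQUIRED_TABLES is the fixed list from this page.
const REQUIRED_TABLES = [
  "announcement", "incident", "kb_article_template", "kb_knowledge",
  "kb_knowledge_base", "kb_uc_can_contribute_mtom", "kb_uc_can_read_mtom",
  "kb_uc_cannot_contribute_mtom", "kb_uc_cannot_read_mtom", "sc_cat_item",
  "sc_cat_item_user_criteria_mtom", "sc_cat_item_user_criteria_no_mtom",
  "sc_catalog", "sc_category", "sc_req_item", "sc_request", "sys_attachment",
  "sys_attachment_doc", "sys_audit_delete", "sys_db_object", "sys_dictionary",
  "sys_group_has_role", "sys_properties", "sys_user", "sys_user_grmember",
  "sys_user_group", "sys_user_has_role", "sys_user_role_contains", "user_criteria",
];

// Assumed naming pattern: lowercase letters, digits and underscores.
// Anything else is dropped before it can end up in a grant.
const TABLE_NAME = /^[a-z][a-z0-9_]*$/;

// Distinct, well-formed child_table names from the Table API response body.
function templateTables(responseBody) {
  const rows = responseBody && Array.isArray(responseBody.result) ? responseBody.result : [];
  const seen = new Set();
  for (const row of rows) {
    const name = row && typeof row.child_table === "string" ? row.child_table.trim() : "";
    if (TABLE_NAME.test(name)) seen.add(name);
  }
  return [...seen].sort();
}

// Tables that still need a read grant, given the tables already granted.
function missingReadAccess(responseBody, grantedTables) {
  const granted = new Set(grantedTables);
  return REQUIRED_TABLES.concat(templateTables(responseBody)).filter((t) => !granted.has(t));
}

// Constructed sample response for
// /api/now/table/kb_article_template?sysparm_fields=child_table
const sampleResponse = { result: [
  { child_table: "kb_template_faq" },
  { child_table: "kb_template_how_to" },
  { child_table: "kb_template_faq" },   // duplicate row
  { child_table: "" },                  // template without a child table
] };

// Constructed grant list: everything on the page except sys_user_has_role.
const sampleGranted = REQUIRED_TABLES.filter((t) => t !== "sys_user_has_role");

console.log(missingReadAccess(sampleResponse, sampleGranted));
```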

ServiceNow Setup for the Connector

Account Permissions

To complete the setup process, you:

  • Create an account for the BA Insight ServiceNow Connector
  • Apply user permissions for the account in ServiceNow

Use the following instructions to complete the account and permission setup process.

  1. In ServiceNow, you can select which tables the account can read and give the Connector account permission to read the entries in the roles table without making it an Admin. Reading the roles table is a requirement for reading the security.
  2. However, in ServiceNow the rules also apply at the record level.
    1. By default, the ADMIN role has a special rule declaring that it must not appear. This rule must be overridden so that the Connector account can read it.
      See the following code:


By default, the condition declares:

  • ADMIN role: Seen only by users who are members of the ADMIN role.
  • SECURITY_ADMIN role: Seen only by users who are members of the SECURITY_ADMIN role.
  • MAINT role and NOBODY role: Seen only by users who are members of the MAINT role.
  • All other roles are seen by users as they are configured in the rules.

The condition must be changed. To change it, use the following instructions:

  1. The rule is defined by default in the tenancy, on the System Security > Access Control List page.



  2. Next, elevate roles to SecurityAdmin privileges so that you can edit the record.


  3. Edit the script of the record and ensure that the user name is the same one the connector uses and is returned as "true".


  4. Alternatively:
    1. Option 1: Remove the script altogether.
    2. Option 2: Add another line at the top of the script:

      if (gs.getUserID() == "The connector user sys_id")
          answer = true;
      else ….<the original snippet> ….

    More available functions here: https://www.servicenowguru.com/scripting/user-object-cheat-sheet/

Resolving Scripted User Criteria

For the connector to properly secure content, User Criteria must be resolved upon Security Sync execution. (Security Sync loads the User and Group tables and executes the mapping based on the connector configuration.)

To resolve User Criteria, a Scripted REST API must be added to the ServiceNow environment.

  1. Navigate to the Scripted REST APIs interface.

  2. Create a new Scripted REST API.

  3. Add a new Resource and Save.

    (function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {

        // Request body carries the user sys_ids and the user criteria sys_ids to test
        var userIds = request.body.data["userIds"];
        var ucIds = request.body.data["ucIds"];

        // For each user, collect the criteria from ucIds that the user matches
        var bodyArray = [];
        for (var i = 0; i < userIds.length; i++)
        {
            var body = {};
            body.userId = userIds[i];
            var allCriterias = sn_uc.UserCriteriaLoader.getMatchingCriteria(userIds[i], ucIds);
            body.ucIds = allCriterias;
            bodyArray.push(body);
        }

        // RESTAPIResponse method names are case-sensitive: setContentType, not SetContentType
        response.setContentType('application/json');
        response.setStatus(200);
        response.setBody(bodyArray);

    })(request, response);
  4. Use the Explore REST API link at the bottom of the page.

  5. Copy the POST URL to use in configuring the Connector.
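
A hardened variant of the resource logic above, as an added example that is not BA Insight's code: it validates the request body before any call to getMatchingCriteria and answers malformed input with a 400 instead of failing mid-loop. The 32-hex sys_id pattern, the MAX_IDS cap, the function names and the stub matcher are assumptions; the logic sits in a plain function so it also runs outside ServiceNow.

```javascript
// Added example. The limits below are assumptions, not connector requirements.
var SYS_ID = /^[0-9a-f]{32}$/; // assumption: every id is a standard 32-hex sys_id
var MAX_IDS = 500;             // assumption: cap on ids accepted per request

function validIdList(value) {
    return Array.isArray(value) && value.length > 0 && value.length <= MAX_IDS &&
        value.every(function (id) { return typeof id === 'string' && SYS_ID.test(id); });
}

// getMatching(userId, ucIds) is injected so the function can be exercised offline.
function resolveUserCriteria(data, getMatching) {
    if (!data || !validIdList(data.userIds) || !validIdList(data.ucIds)) {
        return { status: 400, body: { error: 'userIds and ucIds must be arrays of sys_ids' } };
    }
    var body = data.userIds.map(function (userId) {
        return { userId: userId, ucIds: getMatching(userId, data.ucIds) };
    });
    return { status: 200, body: body };
}

// In the Scripted REST resource (ServiceNow only) the wiring would be:
//   var r = resolveUserCriteria(request.body.data, function (u, c) {
//       return sn_uc.UserCriteriaLoader.getMatchingCriteria(u, c);
//   });
//   response.setStatus(r.status);
//   response.setBody(r.body);

// Constructed sample ids and a stub matcher standing in for sn_uc.
var USER_A = 'a'.repeat(32), USER_B = 'b'.repeat(32);
var UC_1 = '1'.repeat(32), UC_2 = '2'.repeat(32);
var SAMPLE_MATCHES = {};
SAMPLE_MATCHES[USER_A] = [UC_1, UC_2];
SAMPLE_MATCHES[USER_B] = [UC_2];

function stubMatcher(userId, ucIds) {
    return (SAMPLE_MATCHES[userId] || []).filter(function (id) {
        return ucIds.indexOf(id) !== -1;
    });
}

function demo() {
    return {
        ok: resolveUserCriteria({ userIds: [USER_A, USER_B], ucIds: [UC_1] }, stubMatcher),
        notArray: resolveUserCriteria({ userIds: USER_A, ucIds: [UC_1] }, stubMatcher),
        badId: resolveUserCriteria({ userIds: ['not-a-sys-id'], ucIds: [UC_1] }, stubMatcher)
    };
}
console.log(JSON.stringify(demo(), null, 2));
```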

Setting the User Account's Time Zone

For the connector to properly enumerate content, the user account must be assigned the UTC time zone.

To assign the UTC time zone to the user:

  1. Go to the sys_user table.
  2. Edit the service account user profile.
  3. If the Time Zone field does not appear in the view, edit the view and add the field.
  4. Set the Time Zone field to "UTC" and save the changes.