Configuring for non-admin user
If you have decided to not use a read-only admin user to configure your ServiceNow instance, you will need to ensure that Quality Clouds has access to all the code and configuration tables required by setting up individual Access Control Lists on them. You can do so manually, working from the list of tables provided on this list, which is quite time consuming.
Or you can apply an Update Set provided by Quality Clouds. This Update Set will make the following changes in your instance:
- Create the qc_access role
- Assign the following roles to the qc_access role
- business_rule_admin
- catalog_admin
- client_script_admin
- data_policy_admin
- form_admin
- import_admin
- personalize_styles
- script_include_admin
- sn_change_write
- sp_admin
- ui_action_admin
- ui_policy_admin
- ui_script_admin
- web_service_admin
- workflow_admin
- Create read-only ACLs for the qc_access role to those tables which have ACLs restricting access to admin only, which are:
- sys_app_cateogry
- sys_dictionary_override
- sys_data_policy2
- sys_script_email
- sys_script_pattern
- sys_security_acl
- sysevent_script_action
- sysevent_in_email_action
- syslog_transaction
- wf_workflow_version
- v_index_creator (since version 22.1.1.0)
- sys_user.roles (since version 22.2.1.0 - only to roles column)
- scheduled_import_set
- sysauto_bm_script
- sysauto_pa
- sysauto_query_builder
- sysauto_scripts
- sysauto_summary_generator
- sysauto_report
- sysauto_template
- sysauto_custom_chart
Important
Please consider that if you have ACLs in place which could conflict with the ones included in these Update Sets, you will need to resolve these conflicts manually.
Role Change from version 22.1.1.0
If you were using a non-admin user Update Set before version 22.1.1.0, you will need to re-assign the role qc_access to the user configured to run the full scans. The older role (qc_access_role) which relied exclusively on ACLs is no longer used.
After the update set has been applied, you will need to manually create the user which Quality Clouds will use to connect to your instance and assign the qc_access role to that user. The snc_read_only role should also be assigned, to ensure that the access is read-only.
Be aware that incremental Update Sets will be published as Quality Clouds expands the functionality and required access to additional tables.
You can now proceed to step 3. Configure the user.
Update Sets for Operational Scans
The below update sets are required to enable access to the data fields which are used to monitor the operational behaviour of a productive ServiceNow instance. They are only required if the Quality Clouds Operational Scans product (aka admin bot) has been purchased. The update set for operational scans requires the base update set to be installed before it is applied.
This update set grants read only access to the following tables:
- cmn_department
- sys_user - only to the fields user_name, active, last_login
- sys_user_role - via the role usage_admin
- sys_user_has_role
Quality Clouds Release Version | Release Date | Full Configuration Update Set | Incremental Update Set (from previous release) |
---|---|---|---|
20.2.1.0 | April 29th, 2020 | N/A |