HTTP 403 Forbidden Error When Querying ServiceNow
This entry details the typical causes of the error as well as the ServiceNow permissions needed to resolve them.
Date Entered: 2/5/2020 Last Updated: 2/5/2020 Author: Garrett Bird
When you query the available tables and columns of your ServiceNow instance for the first time, the process may fail with a 403 Forbidden error. This error comes from the ServiceNow REST API and indicates that the user authenticated successfully but lacks the necessary permissions for certain resources within ServiceNow. The tables involved in discovering your instance's metadata are described below, alongside the ServiceNow permissions required to read from these tables.
From the sys_db_object table, we obtain the resources that we can issue HTTP requests for and model as tables. To enable access to this table, the admin user of the ServiceNow instance needs to open the Access Controls (ACL) window of the instance. Within this window, the admin should create a [sys_db_object].[-- None --] object with Read access, then add this object to the itil role. From there, in the Users panel, the role should be delegated to the user authenticating with the CData Driver.
It is from the sys_dictionary table that we discover the column definitions for the objects discovered earlier. To enable access to this table for a given user, the ServiceNow admin needs to add the personalize_dictionary role to the authenticated user. Alternatively, the admin can create a customized role that provides read-only access to the sys_dictionary table and assign it to the user.
While this table is generally not requested directly, some fields in sys_dictionary hold values that are ultimately referenced from it. For that reason, access to this table is needed as well. To enable access to this table for a given user, perform steps similar to those done with the sys_db_object table.
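To find out which metadata table is producing the 403 before changing any roles, you can read one row from each table through the ServiceNow Table API as the same user the driver authenticates with. The script below is an added example, not part of the CData Driver; the environment variable names are assumptions, and only the two tables named in this entry are probed by default.

```python
import base64
import urllib.error
import urllib.request

# Metadata tables named in this entry; pass extra names via `tables` if needed.
METADATA_TABLES = ("sys_db_object", "sys_dictionary")

def http_status(url, user, password):
    """Issue one GET with Basic auth and return the HTTP status code."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
    })
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # 401, 403, ... arrive as exceptions

def classify(status):
    """Map a status code to the condition this entry describes."""
    if status == 200:
        return "readable"
    if status == 401:
        return "authentication failed (check credentials)"
    if status == 403:
        return "authenticated but no read access (check ACL / role)"
    return f"unexpected HTTP {status}"

def probe_tables(instance_url, user, password, tables=METADATA_TABLES, fetch=http_status):
    """Return {table: verdict} for a one-row read of each table."""
    base = instance_url.rstrip("/")
    results = {}
    for table in tables:
        # sysparm_limit=1 and sysparm_fields=sys_id keep the probe minimal.
        url = f"{base}/api/now/table/{table}?sysparm_limit=1&sysparm_fields=sys_id"
        results[table] = classify(fetch(url, user, password))
    return results

def blocked(results):
    """Tables that answered 403, i.e. the ones still missing a read grant."""
    return sorted(t for t, v in results.items() if v.startswith("authenticated but"))

if __name__ == "__main__":
    import os  # SN_INSTANCE, SN_USER, SN_PASSWORD are assumed variable names
    report = probe_tables(os.environ["SN_INSTANCE"], os.environ["SN_USER"], os.environ["SN_PASSWORD"])
    for table, verdict in report.items():
        print(f"{table}: {verdict}")
```

Run it again after each role or ACL change; the driver's metadata discovery should succeed once no table is reported as blocked.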