Oleria provides adaptive and autonomous access that sets your business free. As part of that promise, we provide deep integration of your ServiceNow application access graph into the Oleria platform with a simple series of onboarding steps. The information below is a comprehensive guide to onboarding your ServiceNow application instance.
1. ServiceNow roles and permissions
Prior to creating the Oleria OAuth client endpoint (as described in step 2), you will need to validate that the user account you plan to use has the following roles and permissions in ServiceNow:
Table
Purpose
Operation
Name
Tables (sys_db_object)
Tables is a table that contains a row for each table in your ServiceNow instance. This table is used to generate a list of tables to perform an action or trigger events from.
read
sys_db_object
sys_db_object.*
Dictionary Entry (sys_dictionary)
Contains details for each table and columns in each table in your ServiceNow instance. This table is used to generate input and/or output fields when you select a table to perform and action.
read
sys_dictionary
sys_dictionary.*
Some Base system roles (such as admin) will include access control to these tables. However, if you wish to grant only the minimum required access control to use the ServiceNow connector, you may want to create a custom role with these access control.
On top of these, the user must also have the necessary access control to the tables that are required in the integration use case. For example, to create an integration user that can perform standard ITIL helpdesk actions (open, update, close incidents, problems, changes, configuration management items), you will need to assign it the itil role. To grant access only to specific tables or tables besides those available in the base system roles, we recommend creating custom roles and assigning the appropriate access control as needed.
Creating custom roles
If you do not wish to use any of the Base system roles to connect, then you can create a custom role with sufficient access control for the tables you want to work with.First, create a role in your ServiceNow instance with a name that indicates usage with the connector (For example, Oleria integrator). Refer to this documentation for more details about creating roles. When this is completed, your new role must be given the following access control rules to use the ServiceNow connector.
Only a user with security_admin role has the ability to edit or create access control. Check with your ServiceNow administrator if you are unsure. Read more about Elevated privilege roles
Next, this role should be assigned the relevant access control to use the triggers/actions you need in your integration use case. For a workflow that requires triggering of closed incident events, the user must have a custom role that includes access control to read and write to the incident table.
Table
Purpose
Operation
Name
Incident
record
read
incident
Incident
record
write
incident
Additional access control required for specific tables
Remember to elevate to a privileged role (security_admin) to edit Access Control records.

Elevate to privilege role

Granting access control rule for incident table to custom role
2. Oleria OAuth client endpoint
Sign in to your ServiceNow instance as an admin, and create the Oleria application OAuth client in the ServiceNow Application Registry to represent the connection between Oleria and your organization's ServiceNow instance. Note that Oleria uses Workato to facilitate retrieval of your organization's access information, and this will require integration of some Workato-specific endpoints.

ServiceNow Application Registry (click New)

Create an OAuth API endpoint for external clients

Fill in Name (e.g. Oleria Integration), and Submit the new record
Warning: ServiceNow's OAuth 2.0 refresh tokens expire after 100 days. To ensure that your Oleria integration continues to work, manually referesh the connection before expiry. Learn more about ServiceNow's OAuth2.
After creating the Oleria OAuth client, please view the integration from the ServiceNow Application Registry, and note down the Client ID and generated Client Secret. You will need these two pieces of information as well as the ServiceNow instance name when connecting ServiceNow from the Oleria Integrations page
3. Contact us
If you have any questions about this integration, please contact Oleria at info@oleria.com.
Adaptive and autonomous access is possible. Make sure you're up to date on the details.



