Logo

Service Now Connector - Account Setup

Overview

We will cover the least amount of permissions required to have your Service Now connector functioning and secure


Considerations

  • Windows MID Server Setup
    • Your company policies around services and running them as service accounts
    • Service account access rights to windows servers (Logon locally, logon as a service, Run a batch job, administrator and so forth)
    • Rights to stop/start the MID service and/or reboot the server
  • Linux MID Server Setup
    • Your company policies on elevated privileges to Linux Servers
    • Ability to stop/start the MID services and/or reboot the server
  • ServiceNow Connector installation and setup
    • You have licensed the ServiceNow module
    • Have followed the pre requisite documentation for the SovLabs ServiceNow Connector
  • vRA
    • If you intend to use Account Mapping in Service Now, the service account being used to access vRA needs appropriate rights to the correct tenant / business group
    • Day 2 actions require accounts to have appropriate access to vRA and their tenant/business group
  • vRO
    • Account with enough access to vRO and entitlements to vRA to be able to import blueprints for deployment
  • Service Now Connector
    • Account requires elevated access to certain tables within Service Now


Procedure

Windows MID Server

  1. If using a windows service account
    1. Run as a service
    2. Local administrator rights on the MID server
  2. If not using a service account.. No changes on the server
  3. Whom ever needs to manage the Mid server service will need rights to 
    1. Log on locally
    2. Remote desktop users
    3. Local admin rights or a explicitly set permission on the MID server service

Linux MID Server

  1. ServiceNow recommends not to use the root account to run the MID server on a Linux machine, the permissions required are:
    1. RWX on the mid server installation directory
    2. RWX on the /tmp directory
  2. The person who needs to be able to stop/start services or reboot the server must have the appropriate permissions on the service or server
    1. visudo updated to provide access to the MID server service so they can stop/start/restart
    2. sudo access to the server so they can restart the server (as required)

ServiceNow Connector

NOTE:  Although possible to have a non administrative account perform the installation / configuration tasks of the ServiceNow connector, it would require a significant amount of effort and an in depth knowledge of the tables and system properties the user would need in order to achieve this. We recommend having your ServiceNow administrator perform this task on your behalf.

  1. The user account performing the import / configuration must be an administrator in service now.

  2. Set permissions on the following tables for the ServiceNow connector installation

    Table Name

    Type

    Read

    Create

    Update

    Create

    Question_choice

    All Application Scopes

    Sc_cat_item

    All Application Scopes

    Item_option_new

    All Application Scopes

vRA access

  1. The service account must have the following permissions in vRA:
    1. Tenant Role
      1. XaaS Architect
    2. Business Group Role
      1. Group Manager

vRO access

  1. When creating the link to your vRO server from Service Now (SovLabs → vRO servers), The account used will need the following permissions on your vRO server
    1. Admin

Service Now

  1. If using a specific account for MID server in ServiceNow 
    1. mid_server role



Additional information

SovLabs ServiceNow Connector documentation: http://docs.sovlabs.com/latest/vRA/7.6/connectors/service-mgmt/servicenow-connector/
SovLabs ServiceNow Connector pre requisites: http://docs.sovlabs.com/latest/vRA/7.6/connectors/service-mgmt/servicenow-connector/prerequisites/
ServiceNow Linux MID Server permissions: https://hi.service-now.com/kb_view.do?sysparm_article=KB0682426
ServiceNow Linux MID Server installation: https://docs.servicenow.com/bundle/madrid-servicenow-platform/page/product/mid-server/task/t_InstallAMIDServerOnLinux.html
ServiceNow Windows MID server setup / permissions : https://docs.servicenow.com/bundle/london-servicenow-platform/page/product/mid-server/task/t_SetupMIDServerRole.html
ServiceNow MID Server role: https://docs.servicenow.com/bundle/helsinki-servicenow-platform/page/product/mid-server/reference/r_MIDServerRole.html


Bolty McBoltFace -
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.