I was provided a role by my ServiceNow administrator that “should work” but return codes in logs are suggesting permissions issues (HTTP 403). He asked if there was something more specific than what the documentation contains at present:
“The ServiceNow Administrator should have a service account that leverages basic authentication with read and write access to the CMDB tables.”
If anyone has the product working and can confirm the role the service account in SN has, I would appreciate if you would share, because my admin is asking/looking for a specific role that works without he and I going back and forth experimenting.
I have my systems shut down due to the tropical storm and can’t check at the moment, but my recollection is that there is a role for ‘assets’ and another for ‘restapi’, and both are needed. I can’t recall the exact role names but that may be helpful for searching.
Let me know and I should be able to check early Wednesday.
Was this confirmed? Is the soap role sufficient or are others needed? We had the older version installed and we only had it in preview mode. We uninstalled the latest version and support is stating the ServiceNow user must be an admin. This sounds too broad for updating properties in the CMDB. We have tried adding a few roles with the help of our admin and they seem to be working so far.
Also, support is stating the BigFix user must be a master operator due to reading the mailbox via an API. During testing we only had API access enabled for the service account but we never performed any syncing from ServiceNow.
I wish there was more documentation on this integration such as how to sync to various tables in the CMDB. It is unclear but it seems it only syncs to the hardware table. For example, we perform discovery with the midservers and this adds network adapters with their own MAC address. This helps track dependencies for change management. The default MAC address property is only in the hardware table and produces poor result when a device has multiple.
I’m not familiar with the ‘soap’ role and our integration doesn’t use SOAP, it’s based on REST. The roles I’ve assigned in my integrations for ServiceNow have been
(Apologies, I haven’t checked whether the latest release we just published changed that at all)
The note about the BigFix user being a master operator is correct, if syncing data from ServiceNow to BigFix, the ‘master operator’ account is needed because a normal operator, even one with rights to the endpoint, cannot post files to the client mailboxsite.
The integration does not currently sync from ‘various’ tables, it syncs specifically from the cmdb_ci_computer table; but the ServiceNow API does allow for ‘walking’ the relationships between tables. I’m not sure the format of your MID-based discovery, but for instance I’ve set up custom properties to bring properties of a computer’s owner assignment, defining the property in the configuration file as
This is the “dot-walk” notation to move from the computer, to the ‘users’ table, and pull the ‘name’ from the users table based on the assigned_to relationship. Perhaps a similar syntax might allow you to “dot-walk” from the cmdb_ci_computer table up to the hardware table, depending on how the relationships are set up?
Thank you @JasonWalker . We will give that a shot but how did you add a custom property to the XML? We are trying to do that but not working properly. There is a note in the integration PDF that states we can is the BigFix Property ID but no luck. For example, we added a custom serial number:
Thank you @JasonWalker - this is the detail I was hoping for. If this combination has been successful for you in multiple integrations, it would be good if this was included in the documentation.
I was able to implement in my lab against our SN test instance using the ServiceNow admin role due to lack of specifics. There is some hesitation from the team who manage SN to do that same thing in production so this is something I will definitely investigate further.
Search for property name and grab
Insert as the propertyname of the XML
In my example above I used the full property ID from the console. With the method above, only a small portion of that num,ber is needed. I hope this helps others wanting to add custom properties as it isn’t documented at the moment.
I agree it’s not always easy to find these details, but the documentation page at Configuration file may help with how to configure the properties.
The integer-value property ID is for Global Properties. You may also sync Analysis Properties as noted via
Note: BigFix Columns can be identified by using two patterns: Retrieved Property ID (int) or [SiteName]-[Analysis Name]-[PropertyNumber]