11/07/2023 11:20 PM
Hi,
We have a requirement to integrate ServiceNow and Saviynt. Request forms and approval workflows for application access requests will be in ServiceNow. Once the approval is done, ServiceNow will call the required APIs of Saviynt to generate requests here.
We have successfully configured this setup and it is working. An RITM gets opened first in ServiceNow when a request is raised using the myService app. After approval, a request gets generated in Saviynt, which gets auto-approved, and a provisioning task gets created in Saviynt. After the WSRETRY job is run, the task is completed and the RITM in ServiceNow gets closed.
Problem:
We have provided a Saviynt Service Account to the ServiceNow team, which they are using to invoke the APIs of Saviynt. This Service Account has Admin-level privileges.
This was a security-related finding and we were asked to minimize the privileges of this Service Account to the least privileges required.
We did the same and limited the privileges of this user by limiting the capabilities of the SAVROLE associated with it. Now, when an RITM gets created in ServiceNow, an error is thrown on the ServiceNow side, which is this:
org.mozilla.javascript.EcmaError: Unexpected token: <
Caused by error in sys_script_include.db5052bddb1a1850f4e89ec2ca96191e.script at line 2594
As a result, a request ID DOES NOT get generated in Saviynt. Sharing the snapshot of the capabilities assigned to the SAVROLE here. Requesting your assistance in getting this resolved.
Best Regards,
Varun
11/10/2023 06:52 AM
Hi @varunpuri
Thanks for reaching out. From the error message in your post, I believe this might not be a permission issue.
Can you please try assigning the "Admin: ServiceNow" feature access to the service account, generate new tokens, and validate the functionality again?