Roles / ACLs

squid by arc46 Roles

arc46 squid defines four roles:

  • x_a46gh_squidx.admin
  • x_a46gh_squidx.read
  • x_a46gh_squidx.rest
  • x_a46gh_squidx.defaultAccess

admin

admin authorizes members to edit custom configurations, where any customer-specific configuration must be defined.

admin allows read access to predefined configurations.

admin does not implicitly allow access to the API endpoint.

read

read authorizes members to read, but not edit, all configurations.

We suggest using this documentation when selecting the appropriate configurations and relations for your use case. Customer-specific configurations, however, might have to be viewed in your ServiceNow instance or in your own documentation, if you create one.

read does not implicitly allow access to the API endpoint.

rest

rest allows access to the API endpoint.

rest does not implicitly allow read access to configurations.

rest is intended for technical service accounts.

defaultAccess

defaultAccess is set as the configuration role for all predefined configurations. (API access to a configuration is only granted if the user has at least one of the roles set on that configuration. See configuration role for details.)

defaultAccess is set as the default value of configuration role for any new custom configurations you might create.

defaultAccess is intended for technical service accounts.

defaultAccess has no further function other than to restrict API access to configurations.

Where's the benefit if this is set for every configuration?

Long story short: you can take it away.

Assume you have a calling system that you want to grant access to only one specific configuration.

The technical user of this calling system must have the role rest in order to access squid itself.
The technical user should NOT have the role defaultAccess, which prevents it from accessing any predefined configurations.

You then have two options:

  • you don't set any configuration role on the configuration you want to grant access to. This gives anybody with the role rest access to this configuration; or
  • you set a configuration role on the configuration, restricting access to that role.

The result is that this technical user has access ONLY to this one configuration.
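
The access rule described above, modelled as an added example (this is not squid's own code): it lists which configurations a given set of roles can call through the API and flags configurations that carry no configuration role. The configuration names and the role `x_example.caller_only` are constructed for illustration.

```javascript
// Model of the API access rule described on this page (not squid's implementation).
const REST = "x_a46gh_squidx.rest";
const DEFAULT_ACCESS = "x_a46gh_squidx.defaultAccess";
const ADMIN = "x_a46gh_squidx.admin";

// Constructed sample data: names and the custom role are hypothetical.
const configurations = [
  { name: "predefined_a", configurationRoles: [DEFAULT_ACCESS] },
  { name: "predefined_b", configurationRoles: [DEFAULT_ACCESS] },
  { name: "custom_for_caller", configurationRoles: ["x_example.caller_only"] },
  { name: "custom_open", configurationRoles: [] },
];

function canCallConfiguration(userRoles, config) {
  // Without rest there is no access to the API endpoint at all;
  // admin and read do not imply it.
  if (!userRoles.includes(REST)) return false;
  // No configuration role set: anybody with rest may call it.
  if (config.configurationRoles.length === 0) return true;
  // Otherwise the user needs at least one of the roles set on the configuration.
  return config.configurationRoles.some((role) => userRoles.includes(role));
}

function reachableConfigurations(userRoles, configs) {
  return configs
    .filter((config) => canCallConfiguration(userRoles, config))
    .map((config) => config.name);
}

// Configurations open to every rest holder, worth reviewing before
// assuming a restricted service account sees only one configuration.
function openConfigurations(configs) {
  return configs
    .filter((config) => config.configurationRoles.length === 0)
    .map((config) => config.name);
}

const restrictedCaller = [REST, "x_example.caller_only"];
const defaultServiceAccount = [REST, DEFAULT_ACCESS];

console.log("restricted caller:", reachableConfigurations(restrictedCaller, configurations));
console.log("default account:  ", reachableConfigurations(defaultServiceAccount, configurations));
console.log("admin without rest:", reachableConfigurations([ADMIN], configurations));
console.log("open to any rest holder:", openConfigurations(configurations));
```

In this model the restricted caller also reaches `custom_open`, because a configuration without a configuration role is available to every holder of rest.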

Just a reminder: Editing a predefined configuration is not possible. Recreate the configuration you want to edit with the exact same name and make changes on your copy.