Setting up a target system administrator
Bravura Security Fabric uses a designated account on ServiceNow IT Service Management Suite to perform Bravura Security Fabric operations. Create an account with appropriate permissions if one does not already exist.
As an administrator, use a browser to log into the ServiceNow IT Service Management Suite website.
In the left pane, click User Administration.
Click Users.
Select the user you want to promote.
Click Edit next to Roles.
Select admin > Add.
Click Save.
In order to use the ServiceNow REST API architecture, an OAuth API endpoint for external clients must be created in addition to the target administrator.
As an administrator, use a browser to log into the ServiceNow IT Service Management Suite website.
In the left pane, navigate to System OAuth.
Click Application Registry.
Click New.
Click the Create an OAuth API endpoint for external clients link.
Add the details for the Name and Client Secret. Copy the Client ID for future usage.
Click Submit.
When adding the OAuth credentials to the target, the Client ID is entered as the Administrator ID and the Client Secret is entered as the Password. These OAuth credentials must be designated as the System password.
Notes on ServiceNow admin roles
In ServiceNow, permissions are controlled through a combination of roles, Access Control Rules (ACLs), and sometimes specific properties within the application. For example, if you want to allow a user to only view accounts and change passwords, you will need to configure the permissions accordingly, focusing on the user table (often sys_user) and associated records. The following is a summary of steps:
Viewing Accounts: Users typically need the "itil" role or a custom role with read access to the user table (often "sys_user"). Configure ACLs to grant read access to necessary fields within user records.
Changing Passwords: While typically restricted to users with admin or elevated privileges, you can create custom roles and ACLs to allow specific users to change passwords without full admin rights:
Create a custom role (e.g., "password_admin") with permissions to change passwords.
Configure ACLs on the user table to allow users with this role to update the password field. Be cautious, as this permission can pose security risks.
Ensure ACLs restrict access to other fields and system areas.
Provide user training on the responsibilities and security implications of changing passwords.
Always test configurations in a development or test instance before applying them to production to avoid unintended access issues. For more detailed instructions tailored to your version and setup, consult ServiceNow documentation or community forums.
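One way to check the "restrict access to other fields and system areas" step in a test instance is to audit which ACLs name the custom role. The following is an added example, not Bravura or ServiceNow code. It assumes a simplified export of ACL rows (name, operation, roles), uses constructed sample rows, and assumes the password column is named user_password. It looks only at role requirements, not at ACL conditions or scripts.

```python
"""Audit ACL rows for a limited password-management role (added example)."""

ROLE = "password_admin"           # custom role name used on this page
TABLE = "sys_user"                # user table named on this page
PASSWORD_FIELD = "user_password"  # assumption: password column in your instance

# Constructed sample rows: a simplified export joining each ACL with its roles.
SAMPLE_ACLS = [
    {"name": "sys_user", "operation": "read", "roles": ["itil", "password_admin"]},
    {"name": "sys_user", "operation": "write", "roles": ["password_admin"]},
    {"name": "sys_user.user_password", "operation": "write", "roles": ["password_admin"]},
    {"name": "sys_user.*", "operation": "write", "roles": ["password_admin"]},
    {"name": "sys_user.roles", "operation": "write", "roles": ["admin"]},
    {"name": "sys_user", "operation": "delete", "roles": ["password_admin"]},
    {"name": "sys_user_has_role", "operation": "create", "roles": ["password_admin"]},
]

def split_name(name):
    """Split an ACL name into (table, field); field is None for table-level rules."""
    table, _, field = name.partition(".")
    return table, (field or None)

def audit(acls, role=ROLE):
    """Return (severity, acl_name, operation, reason) for grants beyond the intended scope."""
    findings = []
    for acl in acls:
        if role not in acl["roles"]:
            continue  # this rule does not grant anything to the audited role
        table, field = split_name(acl["name"])
        op = acl["operation"]
        if table != TABLE:
            findings.append(("high", acl["name"], op, "grant outside the user table"))
        elif op == "read":
            continue  # viewing accounts is the intended scope
        elif op != "write":
            findings.append(("high", acl["name"], op, "only read and write are intended"))
        elif field is None:
            findings.append(("review", acl["name"], op,
                             "table-level write: confirm field ACLs deny other fields"))
        elif field != PASSWORD_FIELD:
            findings.append(("high", acl["name"], op, "write to a field other than the password"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACLS):
        print(*finding, sep=" | ")
```

A table-level write rule is reported as "review" rather than "high" because a field update must pass both the table-level and the field-level rule, so the table-level grant is only safe when every other field is closed off by its own ACL.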