REST API Access
To synchronize with ServiceNow, erm4sn requires read-only access to specific tables and fields using the Table REST API.
Required Tables and Fields
The following tables and fields are accessed by erm4sn to provide metadata synchronization and ensure efficient data model visualization:
| Table Name | Required Fields | Purpose |
|---|---|---|
sys_user | sys_id, user_name, sys_created_on | Used transactionally to detect customizations (not stored) |
sys_dictionary | * (all fields) | Stores metadata related to field definitions |
sys_app_application | * (all fields) | Provides details on scoped applications |
sys_app_module | * (all fields) | Stores module-level information within applications |
sys_documentation | * (all fields) | Contains descriptions and documentation for tables and fields |
sys_dictionary_override | * (all fields) | Manages field-level overrides across applications |
sys_collection | * (all fields) | Defines collections of related records |
sys_m2m | * (all fields) | Manages many-to-many relationships |
sys_scope | * (all fields) | Identifies the scope of applications and tables |
sys_metadata | * (all fields) | Stores additional metadata related to system records |
sys_db_object | * (all fields) | Manages database objects within ServiceNow |
Metadata Processing
erm4sn only processes metadata necessary for its functionality. The tables listed above are accessed for schema analysis, but only metadata is stored within the erm4sn service database.
The user_name field from the sys_user table is accessed only transactionally to detect customizations. This data is not stored persistently in the erm4sn service.
Data Privacy and Security
erm4sn is designed to work without accessing or storing sensitive, personal, or confidential data from your ServiceNow instance. It only processes and stores metadata related to your data model, ensuring that no personal user information is included.
Key Points
- No personal or transactional data is stored.
- Only schema metadata is processed for visualization and analysis.
- Access is limited to read-only permissions on the required tables.
For enhanced security, we recommend using a dedicated ServiceNow API user with read-only permissions restricted to the tables listed above.
Privacy & Authentication Best Practices
Anonymizing User Data
To enhance privacy, erm4sn includes an "Anonymize User Data" setting that masks user-related fields, such as sys_created_by. This ensures that personal identifiers are not exposed when processing metadata.
To configure Anonymize User Data, refer to: Anonymize User Data in System Settings
Secure Authentication with OAuth
For secure and efficient authentication, we recommend using OAuth with short-lived tokens instead of basic authentication when connecting erm4sn to your ServiceNow instance.
To configure OAuth authentication, refer to: Instance REST Credentials Guide