System Requirements - ServiceNow
Requirements
ServiceNow Kingston or later (including San-Diego)
Connectivity between your SCOM Management Servers and ServiceNow for REST API calls (TCP port 443 and potentially 80) either directly or via a proxy server
A valid Cookdown product license that includes ServiceNow
Discovered CIs with Fully Qualified Display Names that match SCOM Principal Names (Maintenance Mode Add-on only)
Service Account and Role Requirements
The ServiceNow Store Apps ship with a number of roles used internally. However, it does also require access to other sections of ServiceNow should you wish to make use of more complex functionality. In a heavily customized ServiceNow (or using heavily customized Advanced Creation Rules) you may need to add in your own Access Control Entries (ACEs) to your Access Control List (ACL). This section covers all of the roles that ship with our Store Apps, the default roles in a ServiceNow instance that may be used to grant access to certain features, and some of the areas that we feel are most likely to require or benefit from customization if you choose to use them.
Cookdown SCOM Connector Roles
These roles are all provided with our app from the ServiceNow AppStore.
Cookdown Connector User
This is essentially the user role for the Store App. It provides the user with access to configure the App, view support information, and use the getting started guide. It also inherits the Incident Creation Rule User, and SCOM Alerts User roles to provide access to all the functionality required to use the application.
SCOM Sync Service
Provides all the internal roles required for the Service account to operate.
Other Roles
There are other roles that ship with the store app, however, these are intended to be inherited to the roles listed above and may not work as you might expect on their own.
ServiceNow Roles
These roles are all provided with a default ServiceNow Instance.
ITIL
This role in ServiceNow allows a user to perform basic operations on tasks. This role is not strictly speaking required for either the service account or for users looking to use Creation Rules in default ServiceNow instances. However, both will be severely limited in capabilities without these.
It is typically used to provide access to Configuration Management Database (CMDB) Items (CIs), common task tables, and advanced features such as Post Processing and Advanced Creation Rules. You could replace this with another role linking in the required ACEs, but this has not been tested by Cookdown.
Catalog Admin
This role in ServiceNow allows the user to manage the 'Service Catalog' application, including catalog categories and items. For Connection Center this is only of interest as the only role by default to be allowed to create Catalog Tasks other than Admin.
You could use this role to allow the service account to create and interact with Catalog Tasks, however, we strongly recommend that you put in your own ACEs into your ACL to grant permission to access this table should you wish to use this feature. The Catalog Admin role is somewhat overkilling the Connection Center requirements.
Admin
This is the ServiceNow administrator role. It has special access to all system features, functions, and data. It is required to install/update the application and can be useful to the service account when performing troubleshooting actions.
It is also the only role to have access to the Task and Service Task tables by default. Should you wish to use these tables we strongly recommend that you put in new ACEs to your ACL to grant access to these tables.
Event Management Integration
If you are using Event Management instead of the Cookdown store application you may instead need to use the Event Management Integration role on your service account. In practice, this is often not required.