How to verify if a user has privileges to access fields on a table for SOAP Read/Write/Create operations?SummaryYou send a direct SOAP web service call to the instance with purpose to create a new record, for example a change_request. However, once the record is created you can see that some fields are empty even though the payload included those field values. This issue is commonly caused because the user sending the request may not have the privileges to create or update the values on the fields of interest. There are APIs available to check access over table and table fields for SOAP access. The script presented in this note can help to validate if a specific user has access to the fields on a table.Instructions1. For the following code block consider: Line#2 "user_sys_id" is the sys_id for the user that wants to send the SOAP call. Line#9 "table" is the name of the table that you want to check access for the user. 2. Run this code in background script as admin user. // Impersonate user var user_sys_id = "6816f79cc0a8016401c5a33be04be441"; var my_User = gs.getUserID(); var g_sesh = GlideSession.get(); g_sesh.impersonate(user_sys_id); gs.print("Impersonating "+gs.getUser().name); //Check Access var user = gs.getSession().getUser(); var table = 'change_request'; var isStrict = GlideProperties.getBoolean('glide.soap.strict_security'); var soapSecurity = new GlideSOAPSecurity(); soapSecurity.setStrictSecurity(isStrict); var gr = new GlideRecord(table); // are we allowed to see this table's fields? var fields = []; var elems = gr.getElements(); for (var i = 0; i < elems.size(); i++) { var elem = elems.get(i); var name = '' + elem.getName(); var field = {}; gs.print('Field: '+name +' canRead: '+ soapSecurity.canRead(gr, name)+' canWrite: '+soapSecurity.canWrite(gr, name)+' canCreate: '+ soapSecurity.canCreate(gr, name)); } // end impersonation g_sesh.impersonate(my_User); gs.print("End Impersonation "+gs.getUser().name); Related LinksThe execution of the script will prompt on screen the results for the test. For example: Impersonation start: Fred Luddy (fred.luddy) by: System Administrator (admin) *** Script: Impersonating fred.luddy *** Script: Field: reason canRead: true canWrite: true canCreate: true *** Script: Field: parent canRead: true canWrite: true canCreate: true *** Script: Field: watch_list canRead: true canWrite: true canCreate: true *** Script: Field: upon_reject canRead: true canWrite: true canCreate: true *** Script: Field: sys_updated_on canRead: true canWrite: false canCreate: false *** Script: Field: type canRead: true canWrite: false canCreate: false *** Script: Field: approval_history canRead: true canWrite: true canCreate: true *** Script: Field: skills canRead: true canWrite: true canCreate: true *** Script: Field: test_plan canRead: true canWrite: true canCreate: true ... ... *** Script: Field: unauthorized canRead: true canWrite: true canCreate: true *** Script: Field: risk canRead: true canWrite: true canCreate: true *** Script: Field: location canRead: true canWrite: true canCreate: true *** Script: Field: category canRead: true canWrite: true canCreate: true *** Script: Field: risk_impact_analysis canRead: true canWrite: true canCreate: true Impersonation end: Fred Luddy (fred.luddy)