How to verify user field access privileges for SOAP operationsSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Verify whether a user has read, write, and create privileges for specific table fields when using SOAP web services. This article provides a script to check field-level access for SOAP operations. When a SOAP web service call creates a record but some fields remain empty despite being included in the payload, the user sending the request may lack privileges to create or update those field values. Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } All supported releases Instructions<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Before you begin Update the following values in the script: Line 2 (user_sys_id): Replace with the sys_id of the user you want to test.Line 9 (table): Replace with the name of the table you want to check access for. Run the script Log in as an admin user.Go to System Definition > Scripts - Background.Copy and paste the following script: // Impersonate user var user_sys_id = "6816f79cc0a8016401c5a33be04be441"; var my_User = gs.getUserID(); var g_sesh = GlideSession.get(); g_sesh.impersonate(user_sys_id); gs.print("Impersonating "+gs.getUser().name); //Check Access var user = gs.getSession().getUser(); var table = 'change_request'; var isStrict = GlideProperties.getBoolean('glide.soap.strict_security'); var soapSecurity = new GlideSOAPSecurity(); soapSecurity.setStrictSecurity(isStrict); var gr = new GlideRecord(table); // are we allowed to see this table's fields? var fields = []; var elems = gr.getElements(); for (var i = 0; i < elems.size(); i++) { var elem = elems.get(i); var name = '' + elem.getName(); var field = {}; gs.print('Field: '+name +' canRead: '+ soapSecurity.canRead(gr, name)+' canWrite: '+soapSecurity.canWrite(gr, name)+' canCreate: '+ soapSecurity.canCreate(gr, name)); } // end impersonation g_sesh.impersonate(my_User); gs.print("End Impersonation "+gs.getUser().name); Example output The script displays results for each field on the specified table, showing read, write, and create permissions: Impersonation start: Fred Luddy (fred.luddy) by: System Administrator (admin) *** Script: Impersonating fred.luddy *** Script: Field: reason canRead: true canWrite: true canCreate: true *** Script: Field: parent canRead: true canWrite: true canCreate: true *** Script: Field: watch_list canRead: true canWrite: true canCreate: true *** Script: Field: upon_reject canRead: true canWrite: true canCreate: true *** Script: Field: sys_updated_on canRead: true canWrite: false canCreate: false *** Script: Field: type canRead: true canWrite: false canCreate: false *** Script: Field: approval_history canRead: true canWrite: true canCreate: true *** Script: Field: skills canRead: true canWrite: true canCreate: true *** Script: Field: test_plan canRead: true canWrite: true canCreate: true ... ... *** Script: Field: unauthorized canRead: true canWrite: true canCreate: true *** Script: Field: risk canRead: true canWrite: true canCreate: true *** Script: Field: location canRead: true canWrite: true canCreate: true *** Script: Field: category canRead: true canWrite: true canCreate: true *** Script: Field: risk_impact_analysis canRead: true canWrite: true canCreate: true Impersonation end: Fred Luddy (fred.luddy) Interpret the results Review the output for fields where canWrite or canCreate is false. These fields cannot be updated or created by the tested user through SOAP operations. Related Links<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } }