Remove the Pilot components if necessary:
App Installation:
Click “Request App” on the ServiceNow Store listing:
The request is routed to Own’s ServiceNow Store account for approval.
Once approved, install the app in the ServiceNow instance by:
Navigate to All > System Applications > All Available Applications > All.
Find the application using the filter criteria and search bar.
Select a version from the list and select Install.
App Configuration:
If the Backup Service is configured with:
Own Recover Connect is a custom application that requires Cross Scope Privilege [sys_scope_privilege] and Restricted Caller Access [sys_restricted_caller_access] records to read data from other application scopes. Scoped applications have default application and table restrictions that prevent other scopes from accessing them unless one explicitly grants access.
Due to security concerns, ServiceNow does not allow us to bundle these records in our application. They want ServiceNow admins to acknowledge that these records are required by creating them manually, via script, or importing them via XML.
Own provides Cross Scope Privilege records for all out of box applications & tables (see next step). For every additional application, each table within that application requires the creation of a Cross Scope Privilege. If an application [sys_store_app] has the “Runtime Access Tracking” field set to “Tracking” or “Enforced”, a Cross Scope Privilege is required. If an application [sys_store_app] has the “Runtime Access Tracking” field set to “None” and the “Caller Access” field on the table is set to “Caller Restriction” or “Caller Tracking”, a Restricted Caller Access record is required.
To start, in the ServiceNow instance, switch to the Own Recover Connect scope. The following link contains an XML of cross scope privileges you need to import for all the out of box applications/tables:
Once the Cross Scope Privilege records are created in ServiceNow, navigate to the Own Platform. In the Service Options, set the API Version to “Own Recover Connect”.
Run an on-demand backup or let the next scheduled backup run.
Additional applications beyond the out of box applications require their own Cross Scope Privileges. The Own platform returns 500 errors for every table within those applications that require additional privileges.
Creating Cross Scope Privileges:
The filter returns 0 results or some results.
If there are Cross Scope Privilege records already created, additional Restricted Caller Access [sys_restricted_caller_access] records must be created (Step 8).
To create the missing Cross Scope Privileges, format the list generated in Step 1 as so:
Using a text editor:
Move the cursor to the beginning of each row.
Add a quotation mark (").
Move the cursor to the end of each row.
Add a quotation mark and comma (",).
//Script to get Table Names and Application Scope sys_id var tables_arr = [ "alm_transfer_order_line_subtask", "alm_transfer_order_line_task", "...", ]; for (var i = 0; i < tables_arr.length; i++) { var grGetTableInfo = new GlideRecord('sys_db_object'); grGetTableInfo.addQuery('name', tables_arr[i]); grGetTableInfo.query(); if(grGetTableInfo.next()){ gs.print('\n' + grGetTableInfo.getValue('name') + ':' + grGetTableInfo.getValue('sys_scope') + '\n'); } else { gs.print('error'); } }
// Script to create cross-scope privilege records for a given table name and application scope var records = [ "aw_record_type_selector:06e4ef0d87130300ada4046787cb0b08", "sn_publications_workflow_config:0fdd6483d72302004f1e82285e61033a", "...", // Target Table Name and Target Scope sys_id separated by a Colon (:) ]; var totalCreated = 0; var ownRecoverConnectScopeId = "c561b5ff876361907dcf84c7dabb35b0"; //Own Recover Connect Scope ID for sys_scope and source_scope for (var i = 0; i < records.length; i++) { var entry = records[i].split(":"); var privilegeRecord = new GlideRecord("sys_scope_privilege"); privilegeRecord.initialize(); privilegeRecord.operation = "read"; privilegeRecord.sys_scope = ownRecoverConnectScopeId; privilegeRecord.status = "allowed"; privilegeRecord.source_scope = ownRecoverConnectScopeId; privilegeRecord.target_type = "sys_db_object"; privilegeRecord.target_name = entry[0]; // Target Table Name privilegeRecord.target_scope = entry[1]; // Target Scope sys_id var newRecordSysID = privilegeRecord.insert(); if (newRecordSysID) { gs.info("New privilege record created with sys_id: " + newRecordSysID); totalCreated++; } else { gs.error("Failed to create the new privilege record for " + targetName); } }; gs.info("Total Records Created: " + totalCreated);
Run this script as a Background Script.
Revisit the Cross Scope Privileges table [sys_scope_privilege] with the filter described in Step 2. The missing records are now created.
Any remaining tables with 500 errors need Restricted Caller Access [sys_restricted_caller_access] records created.
Creating Restricted Caller Access:
These must be created manually and can’t be automated at this time. For example, the following tables need Restricted Caller Access records:
Copy the list of tables from the Own UI.
In ServiceNow, navigate to [sys_db_object] and create the following filter:
The results show all the application scopes that require Restricted Caller Access Records. Group by Application and take note of these.
In a new ServiceNow tab, navigate to System Applications > Application Restricted Caller Access [sys_restricted_caller_access].
Set the application picker to the first application scope you plan to create. For example, the first application in the image above needs to create the Restricted Caller Access in the Templated Snippets application scope:
Click “New” and set the following:
Repeat Steps 4 & 5 for each application from Step 3.
Run an on-demand backup for the tables with 500 errors or let the next scheduled backup run.
The tables backup without any errors.
Sometimes you just want to talk to someone. Our customer support team is available by phone:Request a Technical Support Call Back