From Jakarta, if the 'Explicit Roles' plugin is installed, ODBC connection from users with snc_external is not allowed.
Testing using the Interactive SQL (iSQL), it returns a 403 forbidden error.
The same user can login directly using the browser and access the tables without problems. SOAP calls will also work.
Steps to Reproduce
- On a Jakarta instance create a user called 'odbc_user'.
- Grant the user the 'odbc' role. This will include 'soap_query' and 'itil' roles.
- Now activate the 'Explicit Roles' plugin.
- Go back to the user and remove the 'snc_internal' role and grant the 'snc_external' role.
- Now setup an ODBC connection to ServiceNow.
- Using ISQL, try to connect with the odbc user from item 2 above.
A 403 Forbidden error is returned
This problem is under investigation. As a workaround, give the user the 'snc_internal' role. Alternatively, disable the 'explicit role' feature.
Related Problem: PRB1237871