Check permissions and update credentials for tools — Workspace

  • Release version: Yokohama
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Check permissions and update credentials for tools — Workspace

    This guide explains how ServiceNow customers can verify permissions and update credentials for various DevOps tools within the DevOps Change Workspace. It covers the process to ensure that tool credentials have sufficient permissions for seamless discovery and import of data, and how to update credentials like passwords and access tokens when necessary.

    Show full answer Show less

    Permission Checks

    • You can perform permission checks on connected tools anytime via the tool details page to confirm if current credentials have the necessary permissions.
    • This helps identify if higher-level permissions or tokens are required to avoid impacts on integrations.
    • Note that SonarQube and Rally do not support permission checks.
    • The permission check status (full, partial, or unchecked) and last check timestamp are visible on the tool details page.
    • Different tools have specific actions for permission checks, for example:
      • Bitbucket: Check password permissions
      • GitHub/GitHub Enterprise (OAuth with GitHub app): Requires entering the GitHub app slug name to check credentials
      • Other tools: Check credential permissions
    • If permissions are insufficient, updating credentials with higher-level permissions or adjusting permissions on the external tool is recommended.

    Updating Credentials

    To update tool credentials with those having adequate permissions:

    • Navigate to Tools in DevOps Change Workspace and open the tool details page.
    • Click More Actions and select the appropriate update credential option depending on the tool.
    • Typical steps include selecting credential type (Basic Auth or OAuth), entering new passwords or tokens, and performing a permission check before confirming the update.

    Tool-specific details:

    • Bitbucket: Update password; permission check required before update.
    • Azure DevOps: Update credentials with Basic Auth or OAuth; note Project Administrators privilege requires PAT owner membership in Project Collection Administrators group.
    • Jira, Jenkins, JFrog: Update credentials with Basic Auth or OAuth (OAuth 2.0 not available for Jenkins and JFrog); perform permission check before update.
    • GitLab: Similar process with credential selection and permission check.
    • GitHub, GitHub Enterprise: Update credentials with Basic Auth or OAuth; for GitHub app OAuth, enter slug name to check permissions; can update directly without checking permissions if desired.
    • Argo CD, SonarQube, Rally: Do not support permission checks; update credentials by entering username and password/token and clicking update.

    After updating, permission checks run on new credentials. You may cancel the update at any time before completion.

    Permissions Required

    Your third-party tools must grant appropriate permissions to their credentials to enable connectivity and integration with DevOps Change Velocity. Ensuring sufficient privileges is critical for uninterrupted discovery and data import.

    You can perform permission checks and update credentials like passwords and access tokens for your tools from the tool details page.

    Permission checks

    You can perform permission checks on connected tools at any time, to verify if the existing credentials have the necessary permissions. This check helps to determine if there are possible impacts or if you must get a token or credential with higher-level permissions for the tool.
    Note:

    SonarQube and Rally doesn't have the option to check for permissions.

    1. From the DevOps Change Workspace, navigate to Tools and select the tool to open the details page.

      The Permission check result field shows whether the tool credentials have all the necessary permissions, have partial permissions, or if permissions haven't been checked. The Last Permission check field tells you when the permission checks were previously run.

    2. Click More Actions.
      • For Bitbucket, select Check password permissions.
      • For GitHub and GitHub Enterprise with OAuth credentials using the GitHub app, select Check credential permissions and then enter the GitHub app slug name. Click Check permissions.
      • For others, select Check credential permissions.

      You can see the status of the checks depending on your credential permissions. You need sufficient permissions on your credentials for seamless discovery and import.

    3. If permissions aren’t sufficient, it’s recommended to update the credentials with those having higher-level permissions, or update the permissions for the objects on the external tool.

    Update credentials

    You can update the tool credentials with credentials having sufficient permissions for seamless discovery and import of data from your tool.

    1. From the DevOps Change Workspace, navigate to Tools and select the tool to open the details page.
    2. Click More Actions. Depending on your tool, the options to update your credentials are displayed.
      Tool Steps
      Bitbucket
      1. Click Update password.
      2. Enter the user name and the new password.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you are satisfied with the permissions for your tool, then update the credentials.
      Azure DevOps
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the new password or access token.
        • If the credential type is OAuth, enter the new credential.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you’re satisfied with the permissions for your tool, then update the credentials.
        Note:
        Since the DevOps tool maps to an Azure DevOps organization, the Project Administrators privilege requires the owner of the PAT to be a member of the organization's Project Collection Administrators group.
      Jira, Jenkins, JFrog
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the new password or access token.
        • If the credential type is OAuth, enter the new credential.
        Note:
        OAuth 2.0 credentials are not available for Jenkins and JFrog.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you’re satisfied with the permissions for your tool, then update the credentials.
      GitLab
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the new password or access token.
        • If the credential type is OAuth, enter the new credential.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you’re satisfied with the permissions for your tool, then update the credentials.
      GitHub, GitHub Enterprise
      1. Click Update credentials.
      2. Select the Credential type.
        • If the credential type is Basic Auth, enter the user name and new password or access token.
        • If the credential type is OAuth using the GitHub app, enter the new credential. If you don't want to check for permissions, then click Update directly, and the credentials are updated.

          To check the permissions, you must enter the GitHub app slug name.

        • If the credential type is OAuth using the OAuth app (not the GitHub app) at GitHub end, enter the new credential.
      3. Click Check permissions.
      4. The permission check results are shown in the Permission check dialog box. If you're satisfied with the permissions for your tool, then update the credentials.
      Argo CD, SonarQube, Rally These tools don't check for permissions. To update credentials:
      1. Click Update credentials.
      2. Enter the user name and new password or access token.
      3. Click Update to update the credentials.

      Permission checks are run on the new credentials. Once permissions check is completed, you can proceed with updating the credentials. If you want to abort the update, click Cancel.