Skills

configuration-validation

Installation
SKILL.md

Configuration Validation

Overview

Configuration validation is essential for maintaining quality and preventing errors in ServiceNow deployments. This skill teaches systematic approaches to validate catalog items, workflows, business rules, and other configurations before deployment.

  • What problem does it solve? Catches configuration errors, missing dependencies, and broken references before they impact users or cause production issues
  • Who should use this skill? Administrators, developers, and release managers responsible for quality assurance of ServiceNow configurations
  • What are the expected outcomes? Validated configurations that work correctly, comprehensive error detection, and confidence in deployments

Prerequisites

  • Required ServiceNow roles: admin or specific admin roles (catalog_admin, workflow_admin)
  • Read access to configuration tables (sys_script, wf_workflow, sc_cat_item)
  • Understanding of ServiceNow configuration types
  • Related skills: admin/schema-discovery (helpful for understanding structures)

Procedure

Step 1: Identify Configuration Type

Determine what type of configuration you need to validate. Each type has different validation requirements.

Configuration Types and Tables:

Configuration Type Table Key Validations
Catalog Item sc_cat_item Variables, workflows, pricing
Catalog Variable item_option_new Type, reference, choices
Workflow wf_workflow Activities, transitions, conditions
Business Rule sys_script Script syntax, conditions, timing
UI Policy sys_ui_policy Conditions, actions, triggers
Client Script sys_script_client Script syntax, type, table
Script Include sys_script_include Client callable, scope
ACL sys_security_acl Conditions, script, roles

Step 2: Catalog Item Validation

Validate catalog items for completeness, proper configuration, and working dependencies.

If using MCP tools:

Tool: SN-Validate-Configuration
Parameters:
  type: catalog_item
  sys_id: <catalog_item_sys_id>
  checks:
    - variables
    - workflows
    - pricing
    - approvals
    - fulfillment

If using REST API:

# Get catalog item details
GET /api/now/table/sc_cat_item/<sys_id>?sysparm_display_value=all

# Get associated variables
GET /api/now/table/item_option_new?sysparm_query=cat_item=<sys_id>&sysparm_fields=name,type,mandatory,reference,order

# Get associated workflows
GET /api/now/table/wf_workflow?sysparm_query=table=sc_req_item^published=true&sysparm_fields=name,sys_id

Catalog Item Validation Checklist:

Check Description Severity
Active Status Item is active and visible Critical
Category Valid category assignment High
Variables All required variables present Critical
Variable Order Variables have unique order values Medium
Variable References Reference fields point to valid tables Critical
Workflow Fulfillment workflow exists and is published High
Approval Rules Approval groups/users exist High
Pricing Price and recurring price are valid Medium
Short Description Under character limit Low
Icon Has valid icon or image Low

Step 3: Variable Validation

Validate catalog variables for proper configuration and functionality.

If using MCP tools:

Tool: SN-Query-Table
Parameters:
  table_name: item_option_new
  query: cat_item=<catalog_item_sys_id>
  fields: name,question_text,type,mandatory,reference,order,variable_set

Variable Type Validation Rules:

Type Required Fields Common Errors
1 (Yes/No) question_text None
5 (Select Box) question_text, choices Missing choices
6 (Single Line) question_text, max_length Excessive length
8 (Reference) question_text, reference Invalid table reference
9 (Date) question_text Date format issues
14 (Macro) macro Macro not found
18 (Lookup) reference, lookup_table Table mismatch
21 (List Collector) reference, list_table Invalid list config

Validate Variable Choices:

Tool: SN-Query-Table
Parameters:
  table_name: question_choice
  query: question=<variable_sys_id>
  fields: text,value,order

Decision Points:

  • If type is 5 (Select Box) and no choices exist → Error: Missing choices
  • If type is 8 (Reference) and reference table doesn't exist → Error: Invalid reference
  • If mandatory=true but default_value is empty → Warning: Required field without default

Step 4: Workflow Validation

Validate workflows for completeness, proper transitions, and no dead-ends.

If using MCP tools:

Tool: SN-Validate-Configuration
Parameters:
  type: workflow
  sys_id: <workflow_sys_id>
  checks:
    - activities
    - transitions
    - conditions
    - end_states

If using REST API:

# Get workflow details
GET /api/now/table/wf_workflow/<sys_id>?sysparm_display_value=all

# Get workflow activities
GET /api/now/table/wf_activity?sysparm_query=workflow_version.workflow=<sys_id>&sysparm_fields=name,activity_definition,x,y

# Get workflow transitions
GET /api/now/table/wf_transition?sysparm_query=workflow_version.workflow=<sys_id>&sysparm_fields=from,to,condition

Workflow Validation Checklist:

Check Description Severity
Published Workflow is published and active Critical
Begin Activity Has exactly one Begin activity Critical
End Activity Has at least one End activity Critical
Orphan Activities All activities have incoming transitions High
Dead-End Activities All activities have outgoing transitions (except End) High
Condition Completeness All branch conditions are exhaustive High
Activity Scripts Scripts have valid syntax Critical
Timeout Handlers Long-running activities have timeouts Medium
Rollback Activities Approval rejections have proper handling Medium

Detect Orphan Activities:

Tool: SN-Query-Table
Parameters:
  table_name: wf_activity
  query: workflow_version.workflow=<sys_id>^activity_definition.name!=Begin
  fields: sys_id,name

# Then check each activity has incoming transition
Tool: SN-Query-Table
Parameters:
  table_name: wf_transition
  query: to=<activity_sys_id>
  fields: sys_id

Step 5: Business Rule Validation

Validate business rules for proper configuration, syntax, and performance considerations.

If using MCP tools:

Tool: SN-Validate-Configuration
Parameters:
  type: business_rule
  sys_id: <business_rule_sys_id>
  checks:
    - syntax
    - conditions
    - performance
    - scope

If using REST API:

# Get business rule details
GET /api/now/table/sys_script/<sys_id>?sysparm_fields=name,when,collection,active,script,filter_condition,order

Business Rule Validation Checklist:

Check Description Severity
Active Rule is active Info
Table Valid table reference Critical
When Appropriate timing (before/after/async) High
Condition Filter condition is valid High
Script Syntax No JavaScript errors Critical
GlideRecord in Before Avoid GlideRecord updates in before rules High
Current.update() Avoid in before rules (causes recursion) Critical
Changes Check Uses .changes() for efficiency Medium
Order Appropriate order value Medium
Scope Correct application scope High

Common Business Rule Anti-Patterns:

// ANTI-PATTERN 1: current.update() in before rule
// Causes infinite recursion
(function executeRule(current, previous) {
  current.priority = 1;
  current.update(); // BAD! Remove this line
})(current, previous);

// ANTI-PATTERN 2: Unnecessary GlideRecord in before rule
(function executeRule(current, previous) {
  var gr = new GlideRecord('incident');
  gr.get(current.sys_id);
  gr.priority = 1;
  gr.update(); // BAD! Just set current.priority = 1
})(current, previous);

// ANTI-PATTERN 3: No changes() check
(function executeRule(current, previous) {
  // Runs on every update even if priority didn't change
  notifyPriorityChange(current.priority);
})(current, previous);

// CORRECT: Check if field changed
(function executeRule(current, previous) {
  if (current.priority.changes()) {
    notifyPriorityChange(current.priority);
  }
})(current, previous);

Step 6: UI Policy Validation

Validate UI policies for proper configuration and action completeness.

If using MCP tools:

Tool: SN-Query-Table
Parameters:
  table_name: sys_ui_policy
  query: sys_id=<ui_policy_sys_id>
  fields: short_description,table,conditions,active,global,inherit

Get UI Policy Actions:

Tool: SN-Query-Table
Parameters:
  table_name: sys_ui_policy_action
  query: ui_policy=<ui_policy_sys_id>
  fields: field,mandatory,visible,disabled

UI Policy Validation Checklist:

Check Description Severity
Active Policy is active Info
Table Valid table reference Critical
Conditions Conditions are valid and testable High
Actions Exist At least one action defined High
Field References Action fields exist on table Critical
Reverse Handling Policy handles both true and false states Medium
Order No conflicting policies with same fields Medium

Step 7: Script Include Validation

Validate script includes for proper configuration and accessibility.

If using MCP tools:

Tool: SN-Query-Table
Parameters:
  table_name: sys_script_include
  query: sys_id=<script_include_sys_id>
  fields: name,api_name,client_callable,access,active,script

Script Include Validation Checklist:

Check Description Severity
Active Script include is active Info
Name Convention Follows naming conventions Medium
API Name Unique and descriptive Medium
Client Callable Only if needed (security risk) High
Syntax Valid JavaScript syntax Critical
Prototype Pattern Uses proper class pattern Medium
Documentation Has JSDoc comments Low
Dependencies Referenced script includes exist High

Step 8: ACL Validation

Validate Access Control Lists for proper security configuration.

If using MCP tools:

Tool: SN-Query-Table
Parameters:
  table_name: sys_security_acl
  query: name=incident
  fields: name,operation,type,active,condition,script,role

ACL Validation Checklist:

Check Description Severity
Active ACL is active Info
Operation Valid operation type Critical
Roles At least one role or condition Critical
Condition Valid condition expression High
Script Valid script if used High
Coverage All operations covered Medium
Inheritance Proper use of * ACLs Medium

Step 9: Generate Validation Report

Compile all validation results into a comprehensive report.

Validation Report Template:

# Configuration Validation Report

## Summary
- Configuration: [Name]
- Type: [Catalog Item / Workflow / Business Rule]
- Date: [Date]
- Validator: [Name]

## Overall Status: [PASS / FAIL / WARNING]

## Detailed Findings

### Critical Issues (Must Fix)
1. [Issue description and remediation]
2. [Issue description and remediation]

### High Priority Issues (Should Fix)
1. [Issue description and remediation]

### Medium Priority Issues (Consider Fixing)
1. [Issue description and remediation]

### Low Priority Issues (Nice to Have)
1. [Issue description and remediation]

## Validation Details

### Component 1: [Name]
- Status: [PASS/FAIL]
- Checks Performed: [List]
- Issues Found: [List]

### Component 2: [Name]
- Status: [PASS/FAIL]
- Checks Performed: [List]
- Issues Found: [List]

## Recommendations
1. [Recommendation]
2. [Recommendation]

## Sign-off
- [ ] All critical issues resolved
- [ ] All high priority issues resolved or documented
- [ ] Configuration approved for deployment

Tool Usage

MCP Tools (Claude Code/Desktop)

Tool Purpose When to Use
SN-Validate-Configuration Comprehensive validation Primary validation tool
SN-Query-Table Query configuration tables Detailed inspections
SN-Get-Table-Schema Understand table structure Validate field references

REST API (ChatGPT/Other)

Endpoint Method Purpose
/api/now/table/sc_cat_item GET Catalog item validation
/api/now/table/item_option_new GET Variable validation
/api/now/table/wf_workflow GET Workflow validation
/api/now/table/sys_script GET Business rule validation
/api/now/table/sys_ui_policy GET UI policy validation
/api/now/table/sys_script_include GET Script include validation
/api/now/table/sys_security_acl GET ACL validation

Native Tools (Claude Code)

Tool Purpose
Bash Execute validation scripts
Read Read validation templates

Best Practices

  • Validate Before Promotion: Always validate configurations before moving between instances
  • Use Automated Validation: Implement automated validation in CI/CD pipelines
  • Document Exceptions: Document any validation warnings that are accepted
  • Test with Data: Validate using realistic test data, not empty records
  • Cross-Reference Dependencies: Ensure all referenced objects exist in target environment
  • Version Control: Keep validation reports with update set documentation
  • ITIL Alignment: Include validation as part of change management process

Troubleshooting

Common Issue 1: Validation Returns False Positives

Symptom: Validation flags issues that work correctly in practice Cause: Validation logic doesn't account for all valid configurations Solution: Review the specific validation rule and add exception handling

# Check if the "error" is actually valid
Tool: SN-Query-Table
Parameters:
  table_name: <relevant_table>
  query: sys_id=<object_sys_id>
  display_value: all

Common Issue 2: Missing Dependencies in Target Instance

Symptom: Configuration works in dev but fails validation in test/prod Cause: Dependencies not included in update set Solution: Query sys_update_xml to find all related records

Tool: SN-Query-Table
Parameters:
  table_name: sys_update_xml
  query: update_set=<update_set_sys_id>
  fields: type,target_name,name

Common Issue 3: Script Syntax Errors Not Detected

Symptom: Invalid JavaScript passes validation but fails at runtime Cause: Basic syntax check doesn't catch all JavaScript errors Solution: Use ServiceNow's syntax checker or background script test

Tool: SN-Execute-Background-Script
Parameters:
  script: |
    try {
      eval('<script_content>');
      gs.info('Syntax check passed');
    } catch(e) {
      gs.error('Syntax error: ' + e.message);
    }

Common Issue 4: Workflow Validation Times Out

Symptom: Workflow validation takes too long or fails Cause: Complex workflow with many activities and transitions Solution: Break validation into smaller chunks

# Validate activities separately
Tool: SN-Query-Table
Parameters:
  table_name: wf_activity
  query: workflow_version.workflow=<sys_id>
  limit: 50
  offset: 0

# Then transitions
Tool: SN-Query-Table
Parameters:
  table_name: wf_transition
  query: workflow_version.workflow=<sys_id>
  limit: 100

Examples

Example 1: Complete Catalog Item Validation

# Step 1: Get catalog item details
Tool: SN-Query-Table
Parameters:
  table_name: sc_cat_item
  query: sys_id=abc123
  fields: name,short_description,active,category,workflow
  display_value: all

# Result:
name: "New Laptop Request"
active: true
category: "Hardware"
workflow: "Standard Laptop Fulfillment"

# Step 2: Validate variables
Tool: SN-Query-Table
Parameters:
  table_name: item_option_new
  query: cat_item=abc123
  fields: name,question_text,type,mandatory,reference,order

# Result:
- laptop_type (Select Box, mandatory) - OK
- memory_size (Select Box) - OK
- justification (Multi-line, mandatory) - OK
- manager_approval (Reference to sys_user) - OK

# Step 3: Validate variable choices exist
Tool: SN-Query-Table
Parameters:
  table_name: question_choice
  query: question.cat_item=abc123
  fields: question.name,text,value

# Result:
laptop_type choices: Standard, Developer, Executive - OK
memory_size choices: 8GB, 16GB, 32GB - OK

# Step 4: Validate workflow exists and is published
Tool: SN-Query-Table
Parameters:
  table_name: wf_workflow
  query: name=Standard Laptop Fulfillment
  fields: name,published,active

# Result:
published: true
active: true - OK

# Final Status: PASS - All validations passed

Example 2: Business Rule Performance Validation

# Step 1: Get business rule
Tool: SN-Query-Table
Parameters:
  table_name: sys_script
  query: name=Auto Assign Critical Incidents
  fields: name,when,collection,active,script,filter_condition

# Result:
name: "Auto Assign Critical Incidents"
when: "before"
collection: "incident"
filter_condition: "priority=1"
script: (see below)

# Step 2: Analyze script for anti-patterns
Script Content:
```javascript
(function executeRule(current, previous) {
  var gr = new GlideRecord('sys_user_group');
  gr.addQuery('name', 'Critical Incident Team');
  gr.query();
  if (gr.next()) {
    current.assignment_group = gr.sys_id;
  }

  // ISSUE FOUND: GlideRecord query in before rule
  // This runs on EVERY insert of P1 incident
})(current, previous);

Step 3: Generate recommendations

Issues Found:

  1. WARNING: GlideRecord query in before rule
    • Impact: Performance degradation on incident creation
    • Recommendation: Cache group sys_id in system property or use gs.getProperty()

Recommended Fix:

(function executeRule(current, previous) {
  // Use cached value instead of query
  var criticalTeamId = gs.getProperty('x_app.critical_team_sys_id');
  if (criticalTeamId) {
    current.assignment_group = criticalTeamId;
  }
})(current, previous);

Final Status: WARNING - Performance issue detected


### Example 3: Workflow Dead-End Detection

Step 1: Get workflow activities

Tool: SN-Query-Table Parameters: table_name: wf_activity query: workflow_version.workflow=wf123 fields: sys_id,name,activity_definition.name

Result:

  • act1: Begin
  • act2: Create Task
  • act3: Approval
  • act4: If Approved (Branch)
  • act5: Fulfill Request
  • act6: End
  • act7: Send Rejection Email

Step 2: Get all transitions

Tool: SN-Query-Table Parameters: table_name: wf_transition query: workflow_version.workflow=wf123 fields: from.name,to.name,condition

Result:

  • Begin -> Create Task
  • Create Task -> Approval
  • Approval -> If Approved
  • If Approved -> Fulfill Request (condition: approved)
  • If Approved -> Send Rejection Email (condition: rejected)
  • Fulfill Request -> End

Step 3: Analyze for issues

ISSUE FOUND: Dead-end activity

  • "Send Rejection Email" (act7) has no outgoing transition
  • This will cause workflow to hang after rejection

Recommendation:

Add transition from "Send Rejection Email" to "End"

Final Status: FAIL - Workflow has dead-end activity


### Example 4: ACL Coverage Validation

Step 1: Get all ACLs for table

Tool: SN-Query-Table Parameters: table_name: sys_security_acl query: name=x_app_custom_table fields: name,operation,type,active,admin_overrides,role.name

Result:

  • x_app_custom_table (read) - role: x_app.user - ACTIVE
  • x_app_custom_table (write) - role: x_app.admin - ACTIVE
  • x_app_custom_table (create) - role: x_app.admin - ACTIVE
  • x_app_custom_table (delete) - role: x_app.admin - ACTIVE
  • x_app_custom_table.* (read) - role: x_app.user - ACTIVE

Step 2: Analyze coverage

Operations Covered:

  • read: YES
  • write: YES
  • create: YES
  • delete: YES

Field-Level ACLs:

  • . (all fields): YES

Step 3: Check for gaps

ISSUE FOUND: No row-level restriction

  • All users with x_app.user role can read ALL records
  • Consider adding condition for record-level security

Recommendation:

If records should be user-specific, add condition: created_by=javascript:gs.getUserID()

Final Status: WARNING - Consider row-level security


## Related Skills

- `admin/schema-discovery` - Understanding table structures for validation
- `admin/update-set-management` - Managing validated configurations
- `admin/batch-operations` - Fixing validation issues in bulk
- `admin/deployment-workflow` - Deploying validated configurations

## References

- [ServiceNow Instance Scan](https://docs.servicenow.com/bundle/utah-application-development/page/build/instance-scan/concept/instance-scan.html)
- [Catalog Item Best Practices](https://docs.servicenow.com/bundle/utah-servicenow-platform/page/product/service-catalog-management/concept/c_ServiceCatalogBestPractices.html)
- [Workflow Best Practices](https://docs.servicenow.com/bundle/utah-servicenow-platform/page/administer/workflow-administration/concept/c_WorkflowBestPractices.html)
- [Business Rule Best Practices](https://docs.servicenow.com/bundle/utah-application-development/page/script/server-scripting/concept/c_BusinessRuleBestPractices.html)
- [ACL Best Practices](https://docs.servicenow.com/bundle/utah-platform-security/page/administer/contextual-security/concept/access-control-best-practices.html)
Related skills

More from happy-technologies-llc/happy-platform-skills

Installs
3
Repository
happy-technolog…m-skills
GitHub Stars
23
First Seen
10 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass