Hi, 

I have a UI script that creates a button in the header with onclick event that calls a script include.

This script include should add current user to "ServiceNow Admins" group.

Here's part of the script include (irrelevant parts are omitted):

var gr = new GlideRecord('sys_user_grmember');
gr.initialize();
gr.group = '507aaa8c1b9e2c108a347c95464bcbb4'; //sys_id of ServiceNow Admins group
gr.user = gs.getUserID();				
gr.insert();					

When I click the button I get an error saying: "User tomtest without admin/security_admin role is not allowed to grant admin/security_admin-containing roles or groups." where tomtest is the user clicking the button.

I've tried elevating role before inserting the record:

var gr = new GlideRecord('sys_user_grmember');
gr.initialize();
gr.group = '507aaa8c1b9e2c108a347c95464bcbb4'; //sys_id of ServiceNow Admins group
gr.user = gs.getUserID();
GlideSecurityManager.get().enableElevatedRole('security_admin');				
gr.insert();					
	

but this just gives me a generic error: 

16:52:58.746 Enabling elevated role: security_admin

16:52:58.746 Security restricted: Failed attempt to enabling elevated role: security_admin

 

Is there another way to add a user to ServiceNow Admins group through a script include that's executed via UI Script?

 

Aren't server side scripts executed by a service account with elevated permissions?

Any help would be appreciated.

T.