Best Practice for Scheduled Jobs and the RunAs field
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-05-2017 03:46 PM
Hello Community!
Today I have a question about scheduled jobs and the RunAs field.
We have a few scheduled jobs that run to send out reports or make incidents via templates. Unfortunately, those jobs are mostly running as random users (the user who created them). We've already uncovered one instance where that user had been set to inactive and the job stopped running.
My nightmare is as follows: A person in an organization is terminated and we set their account to Inactive and a bunch of scheduled jobs stop running.
Here is the question: Does ServiceNow recommend scheduled jobs run as the system user?
- If so, how would we make sure that the data remains domain separated (for instance, running a report that displays all active incidents at the end of the night but only for one client)?
- If not, would ServiceNow suggest creating a "Service Account" in each domain for scheduled jobs to run as? Do we have to pay a license on a "Service Account" that isn't really logging in but will need all the roles?
- 13,572 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-06-2017 12:52 AM
Hi,
- Scheduled jobs which query data which is not accessible by any user should run as system (run as should be empty)
- Any scheduled report should ideally run as the user within that report's company (domain in case of domain exasperated instance) so as they extract only the data which is authorized.
- Jobs to run platform scripts (like closing an incident after x days) should always run as system.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-09-2024 10:41 AM
Cannot find any documentation saying we need to have a dedicated user to run scheduled jobs.
