Can a business rule, triggered by an end-user, update records restricted from that user?

Go to solution
kchorny
Tera Guru

‎02-27-2017 02:29 PM

If I have a business rule that is triggered by an end-user with no roles, can the rule update records that the user doesn't have access to?   If not, can the rule call a script include that can see those records, or does the script include have the same restrictions?   Or, can I change the user that the business rule is running as?

I have a complex (to me) situation that I'm having trouble resolving...

Thanks!

Karla

0 Helpfuls
  • 3,291 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 09:51 AM

None that I'm aware of. Again, this is treading on licensing implications. You may want to reach out to your account rep to double check your requirement doesn't get you in a potentially expensive situation. Make sure the person/parties making this requirement understand the risks/costs.



If that doesn't work out for you, then have a backup plan - email notifications.


View solution in original post

0 Helpfuls
15 REPLIES 15

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 05:50 AM

Hi Karla,



Are you dealing with domain separation? You mentioned


the parent is associated to another company
0 Helpfuls

Go to solution
kchorny
Tera Guru
In response to Chuck Tomasi

‎02-28-2017 08:25 AM

Yes, and no.   Our instance is domain separated, but both companies are in the same domain.   We are a managed service provider, so the majority of our end users are contacts under our customer companies.   In some cases, we will have an incident associated to my company, say for an issue on a service that impacts multiple customers.   The customer incidents will then be children of our incident, and will be updated when the parent is updated.   That works fine, but when the customer responds to their incident (the child) we need to make sure the person working the parent incident is aware that a child was updated. That is the problem I'm trying to solve.



I've made some progress.   My first issue was that I wasn't able to get the reference value of parent_incident in my script.   However, when I changed it from



var parInc = current.parent_incident;


to


var parInc = current.getValue('parent_incident');




That worked for some reason.  



But even so, the GlideRecord portion is not working.   I think the 'incident query' business rule is getting in my way, so I'm going to try to pass the parent incident into a script include to get the job done.


0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 08:30 AM

It sounds like the underlying requirement is notifying the person assigned to the parent.


when the customer responds to their incident (the child) we need to make sure the person working the parent incident is aware that a child was updated

If that's the case, why not simply create a notification and dot-walk your way to the assigned_to person on the parent incident?



http://wiki.servicenow.com/index.php?title=Email_Notifications


Dot-Walking - Servicenow Wiki


0 Helpfuls

Go to solution
kchorny
Tera Guru
In response to Chuck Tomasi

‎02-28-2017 09:06 AM

Good question and that would be my approach if I could get away with it.   But the requirement is to solve the problem without using email.     Our techs are numb to it.


0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 09:12 AM

OK, thanks. If you want to update the parent record when a comment, for example, is made on the child incident, you can do it with a after business rule.



Condition:



current.comments.changes() && current.parent_incident



Script:



var inc = new GlideRecord('incident');


inc.get(current.getValue('parent_incident');


inc.comments = current.comments;


inc.update();


0 Helpfuls