Can a business rule, triggered by an end-user, update records restricted from that user?

Go to solution
kchorny
Tera Guru

‎02-27-2017 02:29 PM

If I have a business rule that is triggered by an end-user with no roles, can the rule update records that the user doesn't have access to?   If not, can the rule call a script include that can see those records, or does the script include have the same restrictions?   Or, can I change the user that the business rule is running as?

I have a complex (to me) situation that I'm having trouble resolving...

Thanks!

Karla

0 Helpfuls
  • 3,294 Views
1 ACCEPTED SOLUTION

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 09:51 AM

None that I'm aware of. Again, this is treading on licensing implications. You may want to reach out to your account rep to double check your requirement doesn't get you in a potentially expensive situation. Make sure the person/parties making this requirement understand the risks/costs.



If that doesn't work out for you, then have a backup plan - email notifications.


View solution in original post

0 Helpfuls
15 REPLIES 15

Go to solution
kchorny
Tera Guru
In response to Chuck Tomasi

‎02-28-2017 09:27 AM

That's what I'm trying to do, but because the user has no roles and they are the one making the update, the 'incident query' business rule runs and is not allowing the update to the parent incident.   Here is my business rule:



br.GIF


(function executeRule(current, previous /*null when async*/) {

gs.log('Child incident updated: ' + current.number);

   var parInc = current.getValue('parent_incident');

   var gr = new GlideRecord('incident');

   gr.addQuery('sys_id',parInc);

   gr.query();

   if (gr.next())

   {

   gr.u_child_incident_updated = true;

   gr.update();

   }



})(current, previous);


I know it's the incident query business rule that's getting in my way, because when I turn it off, the above rule works perfectly.


Preview file
31 KB
0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 09:30 AM

Ah, that makes sense. Thanks for the detective work.



From a licensing standpoint, end users (non-roled) are only able to update their own tickets. If they start updating other records (either automated or manually) they require a license.



FWIW, a shortcut to lines 4-7 is...



if (gr.get('YOUR_SYS_ID_HERE')) {


}


0 Helpfuls

Go to solution
kchorny
Tera Guru
In response to Chuck Tomasi

‎02-28-2017 09:47 AM

Other than giving all of our end users a role, there's no way to make this work in this situation?   Can I call a script and trick it into thinking that the session is not interactive so that the incident query business rule is bypassed?


0 Helpfuls

Go to solution
Chuck Tomasi
Tera Patron
In response to kchorny

‎02-28-2017 09:51 AM

None that I'm aware of. Again, this is treading on licensing implications. You may want to reach out to your account rep to double check your requirement doesn't get you in a potentially expensive situation. Make sure the person/parties making this requirement understand the risks/costs.



If that doesn't work out for you, then have a backup plan - email notifications.


0 Helpfuls

Go to solution
kchorny
Tera Guru
In response to Chuck Tomasi

‎02-28-2017 10:23 AM

Thanks, Chuck.   I guess I'll just tell the powers-that-be here that they'll have to rely on email in this scenario.


0 Helpfuls