Can I specify a User account other than Guest for transform map in SSO script?
‎03-29-2022 03:13 AM
Hi,
We are working on an Identity provider where, every time a user logs in to the instance, it first retrieves the groups he belongs to through a third-party integration, and then the onAfter script of the user provisioning transform map adds the groups to the user. However, this action is performed by the guest user account, and since some groups contain the admin role, the guest user is not able to add these groups to the logged-in user. How can we set a different user account that is able to perform this action?
Thanks
‎03-30-2022 06:17 PM
We are facing the same issue. Our onAfter script executes functionality similar to what you described, and it is also being run by the guest user, who is not able to assign users to groups with the admin role, with the warning: "User guest does not have the role 'sn_templated_snip.template_snippet_admin' which is required to grant/remove 'sn_templated_snip.template_snippet_admin' under application administration, Resource: 'record/sys_user_grmember/create'".
We found https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0784172, which gives a workaround to remove the template snippet admin role from the admin, but when we follow that, we get the warning: "User guest does not have the role 'sn_hr_sp.admin' which is required to grant/remove 'sn_hr_sp.admin' under application administration, Resource: 'record/sys_user_grmember/create'".
It seems that we need a way to run the script in the Transform Map as a user with higher privileges, not as guest.