Does "RUN AS" user need to have any roles? or can it be a dummy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2016 07:20 AM
Hey All,
The "RUN AS" field, does anyone know its requirements?
Does the account need to be active? What happens if they aren't active?
Have roles for the required job? what if they dont have the roles, does it error out or default to a system account(if so which account?)?
Does it depend on the job being "run as" them?
I want to avoid a few issues
- System admin sets jobs to run as themselves (E.g. Discovery, or reports, entity generators, etc) and leaves, meaning we potentially have to update all of these?
- The activity formatters which show all the history or the audit logs showing who changes what fields can be very confusing. For example if the job is run as "sally", then suddenly Sally gets messaged asking why she updated XYZ at 3am in the morning. (It wasn't Sally, it was just the system running the job as Sally).
- AD imports "run as" someone - Then it looks like that person has gone in and updated all the sys_users, when really, the import did....run as that person.
Ultimately I'd like to run jobs with an empty dummy user account, so they are labelled "correctly". So it an automated job runs to update records or closed out old records, perhaps the user account can be "CleanUpAutomatedAdmin" and so all the tasks show this and we can locate where this script is running etc. As opposed to "sally" where poor sally gets all the blame
Of course if these accounts need roles, roles = Money! So this labeling suddenly becomes a very expensive label... not ideal.
Hope this is clear,
Thanks all
Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2016 07:46 AM
Hi Chris
Here's some answers
Does the account need to be active?
Apparently the dummy user can be inactive.
What happens if they aren't active?
No one will be able to log in inside service now using that account.
Have roles for the required job?
Apparently the user doesn't need any role
What if they don't have the roles, does it error out or default to a system account(if so which account?)?
No it should be ok. The system will show any update or action execute by that particular user.
Does it depend on the job being "run as" them?
Please check the previous question
Anyway i think you can create a very simple scheduled actions and try in your dev.
Cheers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2017 08:25 AM
Hi,
Regarding your question:
What if they don't have the roles, does it error out or default to a system account(if so which account?)?
After trying this option it seems that if the "Run as" does not have ITIL rights, an email will be sent but with an empty attachment.
The user selected on the Run as filed must have ITIL role and visibility in that domain in order to receive coherent reports.
BR
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2016 07:52 AM
To add to that, we had a partner set up a lot of jobs in our system and when they were set up to run as them they had admin rights. The rights were removed and the account was set to inactive but the jobs all still run fine with no hiccups, even for jobs that you'd think should require admin priviledges
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-22-2016 08:51 AM
RUN AS user should be active user or you can leave "RUN AS" blank.
If "RUN AS" is blank it will take by default as "System".
