Flow Designer Run-As Problem

jlaps
Kilo Sage

I am using Flow Designer to ingest an emailed report. When I "TEST" this in Flow Designer, it works with no problem. The problem I am having is when the email is grabbed, even though I have the RUN AS set to SYSTEM USER, the flow instance is getting blocked when trying to get the EMAIL ATTACHMENT and the flow stops. The process is running on a GUEST account for reasons unknown (perhaps because the email sender is an email address that has no account?), even though I have it set for SYSTEM USER. What am I doing wrong?

 


Yes, very strange. Currently I also have inbound flows where run as is admin and it's working as expected (did not come across the guest user).

It's mentioned in the article below that if the system does not recognize the sender, inbound email flows will run as the Guest user. To fix this issue, create a subflow, add it to your inbound flow, and use run as system for the subflow.

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0821206

 


Mark it helpful if this helps you to understand. Accept solution if this gives you the answer you're looking for.
Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP

Yes, I saw that same thing so I at least knew WHY it was doing that. I did not have this problem with the non-flow-designer stuff; run as is respected there. 

My update record fix works... but riddle me this, Batman...

If the guest user that this resolves to does not have the rights to find the attachment on the attachment table... how does it have the rights to change the USER email on the email record to the ADMIN email? lol

how does it have the rights to change the USER email on the email record to the ADMIN email?

Can you please share a screenshot of this point?

Did you check how the OOTB ACLs are configured for the email table?


Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP

Screenshot of flow with new action pointed out-

jlaps_0-1750789259065.pngjlaps_1-1750789300308.png

Results before new update record action-

jlaps_2-1750789409535.png

Results after new action-

jlaps_3-1750789466551.png

It seems very strange that it is apparently re-evaluating who the flow is running as, AFTER it starts. When this first runs, the email/user is nothing in my system (HR system). Update record changes it to the system admin account, and suddenly the rest of the flow runs as that? Even updates the RUN AS at the top to what it was AFTER step 2? Weird.

So ideally the update of the email record should also fail because the user is a guest, but somehow the update is happening as system and the flow is continuing because it is considered as system.

I have analyzed the permissions for the guest user on the email table for the 'user' field, and the guest doesn't have permission to update it as per the OOTB setup, so your first step should fail. You can raise a case with ServiceNow on this and see what solution they provide.

To restrict the update or lookup, you can run the inbound flow as 'user who initiates' the session and use a subflow that runs with your required roles or system user.

 


Kind Regards,
Rohila V
2022-25 ServiceNow Community MVP