How to use 'setWorkflow' in scoped app scripting

sheikhassan · ‎07-20-2017

I am getting an error Access to api 'setWorkflow' has been refused due to the api's cross-scope access policy.

How to fix this error?

Any help wold be appreciated.

syedfarhan · ‎07-20-2017

Go to your scoped app table and the use of scoped applications is they can allow or deny access from other tables. This allows them to keep 'private tables' for their application data or allow sharing of the information. If you go to the tables you are trying to write, you'll see an Application Access tab that defines the cross application access.

-Syed

Rajesh Mushke · ‎07-20-2017

Hi Sheik,

create Cross scope privilege

Cross-scope privilege record

Runtime access tracking uses cross-scope privilege records to determine which script operations and targets the system allows to run.

The system creates cross-scope privilege records when:

Runtime access tracking is set to Tracking or Enforcing.
A script attempts to access another application.

Each cross-scope privilege record contains the following information.

Field	Description
Source Scope	The application requesting runtime access to another application's resources.
Target Scope	The application whose resources are being requested.
Target Name	The name of the table, script include, or script object being requested.
Target Type	The type of request: table, script include, or script object.
Operation	The operation the script performs on the target. The target type determines the available operations. Tables support the read, write, create, and delete operations. Script includes and script objects only support the execute API operation.
Status	The authorization for this record: requested, allowed, or denied

Administrators can manually create cross-scope privilege records for application developers in advance to communicate which cross-scope resources they expect developers to access. For example, administrators could create these cross-scope privilege records to permit application developers access to resources from Incident Management.

Source Scope	Target Scope	Target Name	Operation	Status
My App	Global	incident	Read	Allowed
My App	Global	incident	Write	Allowed
My App	Global	ScopedGlideRecord	Execute API	Allowed

During testing, application developers should run all of their application scripting logic to ensure the system creates any necessary cross-scope privilege records. After application publication, the system only allows runtime requests to run that have a valid cross-scope privilege record.

Thanks,
Rajashekhar Mushke
Rising star : 2022 - 2024
Community Leader -2018
Connect me on LinkedIn : Rajashekhar Mushke

Peter de Bock1 · ‎05-27-2021

hi Sheik,

Today I faced exactly the same issue "Access to api 'setWorkflow' has been refused due to the api's cross-scope access policy."

After analyzing I found the root cause and a solution for it. The root cause is that this function 'setWorkflow' is not supported in a scoped application. I doubt that it is feasible to allow this by configuring a cross scoped privilege as it is not an object (table, script include, ...).

To resolve it, you can create a new script Include in the global scope with a function which has the query and the setWorkflow in it. Then return your response. The setWorkflow can be used to disable Business Rules for Updates, Deletes and Inserts, though also so to circumvent Business Rule Before queries.

The setWorkflow is working 100% in a global scope script include 🙂

Example call:

var glSI = new global.your-global-script-include();
var responseObject = glSI.your-function();

Please mark helpfull or answered when when it does 🙂

regards, Peter

Mandy · ‎09-09-2021

Hi Peter,

your idea sounds very good. Do you also have an example for the script include ?

Regards,

Mandy