Illegal access to outbound HTTP in [scoped app] Use an async business rule to...

edAZ · ‎06-13-2023

Hello All,

I have a task to validate some values on the form on update which involves a REST call to retrieve some values to validate against. If the values on the form do not match what is returned from REST call then abort the save.

I am using a Before update Business Rule which then calls a script include where I am using the "executeAsync()" method. This is working properly with an admin account. However I am getting the following error when impersonating a non admin user -- "Illegal access to outbound HTTP in GRC: Vendor Risk Management. Use an async business rule to perform outbound HTTP requests."

I have searched the community and everyone says we must use async Business Rule. However, I am not able to abort and prevent user from saving if the validation fails.

I have tried with "restMessage.executeAsync()", "restMessage.execute()", and adding "response.waitForResponse(5)", and combinations of the above but not able to get it to work.

Any suggestions are much appreciated! Thank you!

Mehta · ‎06-13-2023

Hi,

the first approach will be to use gs.sleep() .

Caution: If you put gs.sleep() directly in BR, it will block thread for unnecessary 30 seconds ( worst case ) and may cause perf issues.

Second approach is instead of using gs.sleep() use events for triggering that BR, it's best practice. Here's an example of delay applied on business rule and trigger event:

var when = new GlideDateTime();
var delay = new GlideTime();
delay.setValue("00:00:05");
when.add(delay);
gs.eventQueueScheduled("event_name", current, "", "", when);

But I guess the first might be the solution based on your requirement.

Note: Please mark reply as correct /helpful if it answers your question.

Mehta · ‎06-16-2023

@edAZ

Where you able to resolve it?

Ariya · ‎04-11-2024

Any update to the above issue? We are also having the same concern.