Public script include - permissions
‎10-24-2016 01:43 AM
Good morning everyone, I'm hoping someone can help me with a problem that has me stumped.
Background:
We have a catalog item with an associated workflow. At one point in this workflow, some information (4 yes/no questions and a freetext-field) must be provided by users that are neither the original requestors nor ServiceNow itil users.
My current solution for solving this involves creating a public UI-page with a form and using a script include for moving the information into the workflow. This works fine as long as the user is authenticated, however when the UI page is used by a non-authenticated / guest user it is unable to access the necessary tables.
My original understanding was that script includes ran as server-side code with almost system-wide permissions; the permissions part at least seems to be incorrect. It seems more like the script-include is run in the calling user's context.
I've created a simple UI page and script include below to demonstrate. If it's run against a SN dev-instance, it'll be unable to find any records for a non-authenticated user, while an authenticated user will show the short descriptions and 12 or so records.
UI Page:
<?xml version="1.0" encoding="utf-8" ?>
<j:jelly trim="false" xmlns:j="jelly:core" xmlns:g="glide" xmlns:j2="null" xmlns:g2="null">
    <g:dialog_buttons_ok_cancel ok="return varsOk()" ok_style_class="btn btn-destructive" ok_text="Send" ok_type="button"/>
</j:jelly>

function varsOk()
{
    var ga = new GlideAjax('testInclude');
    ga.addParam('sysparm_name', 'updateForm');
    ga.getXML(varsReturn);
}

function varsReturn(response)
{
    var answer = response.responseXML.documentElement.getAttribute("answer");
    alert(answer);
}
Script include
var testInclude = Class.create();
testInclude.prototype = Object.extendsObject(AbstractAjaxProcessor, {
    updateForm: function() {
        var varGr = new GlideRecord('incident');
        varGr.addQuery('assignment_group', 'd625dccec0a8016700a222a0f7900d06');
        varGr.query();
        varGr.next();
        gs.info('Debug | Test | User: ' + gs.getUserName());
        gs.info('Debug | Test | Number of rows: ' + varGr.getRowCount());
        gs.info('Debug | Test | Short description: ' + varGr.short_description);
        return varGr.short_description;
    },
    isPublic: function() {
        return true;
    },
    type: 'testInclude'
});
My questions are twofold:
- Is there a way to force a public script include to run in a specific context / as a specific user?
- Does anyone have any other way of having a non-itil user send information into a catalog item's workflow?

‎10-24-2016 02:14 AM
Hi,
I think you misunderstood the concept. Script and data are different entities. Your script can be invoked from any page, but data can be accessed only if you have permissions. In your case, since it is not authenticated, ServiceNow denied data access.
As an alternative, you can try this. Create a user for this requirement. From the script include, connect to ServiceNow via the SOAP or REST API to update those records (authenticate using the user created).
Palani
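
The approach suggested in the reply above, as an added example that is not code from either poster: the public script include checks the guest's input against a fixed set of fields before sending it through the Table API as the dedicated user. The field names, target table, length limit and the injected `RestMessage` parameter are assumptions; on an instance `RestMessage` would be `sn_ws.RESTMessageV2`.

```javascript
// Added example. Field names, table and limit below are hypothetical placeholders.
var ALLOWED_YES_NO = ['u_question_1', 'u_question_2', 'u_question_3', 'u_question_4'];
var FREE_TEXT_FIELD = 'u_comment';
var MAX_TEXT_LENGTH = 1000;
var TARGET_TABLE = 'sc_req_item';

// Build the update from guest-supplied input. Returns null when anything is
// unexpected, so an unauthenticated caller can only set the five known fields
// and cannot steer the request to another table or path.
function buildUpdate(input) {
    if (!input || !/^[0-9a-f]{32}$/.test(String(input.sys_id))) return null;
    var body = {};
    for (var i = 0; i < ALLOWED_YES_NO.length; i++) {
        var value = input[ALLOWED_YES_NO[i]];
        if (value !== 'yes' && value !== 'no') return null;
        body[ALLOWED_YES_NO[i]] = value;
    }
    var text = input[FREE_TEXT_FIELD];
    if (typeof text !== 'string' || text.length > MAX_TEXT_LENGTH) return null;
    body[FREE_TEXT_FIELD] = text;
    // Any other key in the input (state, assigned_to, ...) is dropped here.
    return { path: '/api/now/table/' + TARGET_TABLE + '/' + input.sys_id, body: body };
}

// Send the validated update as the dedicated user. RestMessage is passed in so
// the function can be exercised off-instance with a stand-in constructor.
function sendUpdate(RestMessage, instanceUrl, user, password, update) {
    var request = new RestMessage();
    request.setEndpoint(instanceUrl + update.path);
    request.setHttpMethod('PATCH');
    request.setBasicAuth(user, password);
    request.setRequestHeader('Content-Type', 'application/json');
    request.setRequestHeader('Accept', 'application/json');
    request.setRequestBody(JSON.stringify(update.body));
    return request.execute().getStatusCode() === 200;
}
```

Because any unauthenticated caller can reach a public script include, the dedicated user should hold only the rights needed to write these fields on this table.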