Refresh user's Roles without logging out

Andrew Albury-D
Mega Guru

‎05-24-2021 10:38 PM

Hey everyone,

I'm looking at building an "Elevate to Admin" tool which will let our developers have a single account, without being granted Admin until they need it in Production. I've found some mentions online for a "GlideSecurityManager" API which is "undocumented" but in theory, should do what I need. (found here: https://snprotips.com/undocumented-servicenow-apis)

I am creating a "sys_user_has_role" record for a user, with the role of Admin, and would love to let them not have to log out and back in to apply these changes.

Does anyone know exactly how to use the GlideSecurityManager API? I've tried a few ways - Background script, BR on sys_user_has_role, Flow Designer Action, and none seem to work. e.g.

find_real_file.png

Any help is appreciated,

Thanks,
Andrew

Labels:
Preview file
41 KB
0 Helpfuls
  • 3,068 Views
10 REPLIES 10

Andrew Albury-D
Mega Guru
In response to Pranesh072

‎05-24-2021 11:13 PM

Hey Pranesh,

Thanks for the links. I might do some troubleshooting like the logging in the first post, but you are right - it seems to maybe have stopped working. 

I'll keep digging. Thanks!

0 Helpfuls

Mark Roethof
Tera Patron
Tera Patron

‎05-24-2021 11:39 PM

Ha Andrew,

This sounds interesting! Had a use case for something similar a while ago though didn't come up with a proper solution. This API - if working - sounds like a nice way to go.

When performing a quick code search using SNUtils I do see several out-the-box scripts using GlideSecurityManager. Maybe there's a lead there? I'll have a look also later today.

Kind regards,
Mark

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn

0 Helpfuls

Aishwarya Theva
Tera Guru

‎05-25-2021 01:35 AM

Hi Andrew,

 

That sounds interesting!!

GlideSecurityManager.get().setUser(userObject)

Where the user object is a user object that you get using gs.getUser().getUserByID('user_name_or_sys_id').

 

Please log and see if you getting the correct values in line number 5, it would be great if you can share some more details about the business rule.

 

If that doesn't work then I guess it would be the session that might be still active, you would need to invalidate the user session.

Try this out

Please refer this post to see on how it can be done :

https://community.servicenow.com/community?id=community_question&sys_id=725587addbd8dbc01dcaf3231f9619ac

Addition link where Tomas tried to do something similar :

 

https://community.servicenow.com/community?id=community_question&sys_id=9155ae2bdb06ab802e8c2183ca96197f

Please let me know if this works!

 

Thanks

Aishwarya Thevar

0 Helpfuls