- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2022 09:42 AM
How will ACLs be honored when using the following activities:
Approval Action activity
Set Values
Run Script
Example: The Task table has an ACL on Approval field that only approval_admin can write to the Approval field
On Change Request, an ITIL user gets an approval assigned by the workflow, once the user approves, I have the following activity:
Approval Action activity with the Action as Mark task approved
Set Values activity with the Approval field set to Approved
Run Script with the following code: current.approval = 'approved';
How will the ACLs be honored in each of the above scenarios?
The reason I can't test this out effectively is because there could be a huge overload in PROD or mutex locks happening and the workflow could run in the System context and thereby not honoring the ACLs. I'm worried about the times when there is a low overload and the workflow actually runs in the user's context.
Solved! Go to Solution.
- Labels:
-
Scripting and Coding
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2022 01:41 AM
Hi Arjun,
it's been a while since I worked with Workflow, but as far as I recall and experienced: Worklfows are always running in the System Context. So your approval will work in all cases unless you do an Impersonation in the Scripting.
I would recommend to stay OOB and just use the Approval Action. Which will ensure it always Works.
Not knowing the Background of this, I would also encourage you to use the Flow Designer if you are Building/re-building a Workflow completely as this is the way forward and also much easier to use 🙂
Hope that helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2022 01:41 AM
Hi Arjun,
it's been a while since I worked with Workflow, but as far as I recall and experienced: Worklfows are always running in the System Context. So your approval will work in all cases unless you do an Impersonation in the Scripting.
I would recommend to stay OOB and just use the Approval Action. Which will ensure it always Works.
Not knowing the Background of this, I would also encourage you to use the Flow Designer if you are Building/re-building a Workflow completely as this is the way forward and also much easier to use 🙂
Hope that helps!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-22-2024 11:54 PM - edited 04-22-2024 11:56 PM
Hi @Arjun Thippeswa and @Jan Strama1 ,
Recently I faced an issue Workflow was updating one of the field on approval table. But ACL was present on that field which require the approval_admin role.
For non admin user the workflow was showing it went to that stage, but the field is not got updated as the user is not had that role.
I tried to search for comparison between workflow and ACL on ServiceNow doc. But could not.
ACL is restricting workflow behavior.
What will be solution in this case?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-02-2022 02:01 AM
As far as working of the OOB workflow activities are concerned they will run irrespective of which user triggers the workflow. Whether the user to whom approval is triggered can see the ticket to be approved is matter of permissions. Though the approval record has a way of showing few details. User needs to have role approver_user or business stakeholder license to approve records. Otherwise no other issues
