RUn flows with Service account

Go to solution
AnthonyMull
Tera Contributor

a month ago

Hi community

 

is there a way to run flows as a service account that I create in the user table.

I can only see options to run as system user or as user who initiates flow.

 

thanks in advance

0 Helpfuls
  • 1,842 Views
2 ACCEPTED SOLUTIONS

Go to solution
NavinAgarwal
Kilo Guru

a month ago

I have not tried the below solution but please try and see if it works for your requirement. I am very interested to know if this is going to work.

 

Using Roles with the System User:
This method allows a user account to run a flow, and the flow will have the permissions of that user.

  1. Locate Flow Properties: In Flow Designer, select More Actions and then click Properties.
  2. Select "Run As System User": Choose this option to have the flow run with specific roles.
  3. Add Roles: Click the Add role icon and select the roles that are assigned to your service account.

Using a Subflow for Impersonation:
If you need to execute the flow as a specific user in real-time, you can create a subflow that runs as a user, or use a flow that is designed to run as a specific user.

  1. Create a Subflow: Build a separate subflow that will contain your core logic.
  2. Set Subflow Properties: In the subflow's properties, you can select an option to run it as a specific user. This user can be your designated service account from the User table.

Important Considerations:

  1. User ACLs: When a flow runs as the user who initiated the session, its actions are limited by the user's Access Control Lists (ACLs).
  2. System User: The System User is not a record from the User table, but a concept that allows flows to run with elevated permissions.
  3. Auditing: Using a specific service account helps to reflect that user's name in the audit history, which is useful for auditing purposes.

If you found my response helpful, could you please mark it as ‘Accept as Solution’ and ‘Helpful’? This small action goes a long way in helping other community members find the right answers more easily and supports the community.

View solution in original post

0 Helpfuls

Go to solution
NavinAgarwal
Kilo Guru
In response to AnthonyMull

4 weeks ago

Hi @AnthonyMull - I am so glad that the solution worked for you, could you please mark it as ‘Accept as Solution’ and ‘Helpful’? This small action goes a long way in helping other community members find the right answers more easily and supports the community.

View solution in original post

0 Helpfuls
8 REPLIES 8

Go to solution
NavinAgarwal
Kilo Guru

a month ago

I have not tried the below solution but please try and see if it works for your requirement. I am very interested to know if this is going to work.

 

Using Roles with the System User:
This method allows a user account to run a flow, and the flow will have the permissions of that user.

  1. Locate Flow Properties: In Flow Designer, select More Actions and then click Properties.
  2. Select "Run As System User": Choose this option to have the flow run with specific roles.
  3. Add Roles: Click the Add role icon and select the roles that are assigned to your service account.

Using a Subflow for Impersonation:
If you need to execute the flow as a specific user in real-time, you can create a subflow that runs as a user, or use a flow that is designed to run as a specific user.

  1. Create a Subflow: Build a separate subflow that will contain your core logic.
  2. Set Subflow Properties: In the subflow's properties, you can select an option to run it as a specific user. This user can be your designated service account from the User table.

Important Considerations:

  1. User ACLs: When a flow runs as the user who initiated the session, its actions are limited by the user's Access Control Lists (ACLs).
  2. System User: The System User is not a record from the User table, but a concept that allows flows to run with elevated permissions.
  3. Auditing: Using a specific service account helps to reflect that user's name in the audit history, which is useful for auditing purposes.

If you found my response helpful, could you please mark it as ‘Accept as Solution’ and ‘Helpful’? This small action goes a long way in helping other community members find the right answers more easily and supports the community.

0 Helpfuls

Go to solution
AnthonyMull
Tera Contributor
In response to NavinAgarwal

4 weeks ago

Hi @NavinAgarwal 

 

The first solution worked thank you, I have udated flow to run as user that initiates it and added role of catalog_admin which allowed it create task.

 

Brilliant thank you.

0 Helpfuls

Go to solution
NavinAgarwal
Kilo Guru
In response to AnthonyMull

4 weeks ago

Hi @AnthonyMull - I am so glad that the solution worked for you, could you please mark it as ‘Accept as Solution’ and ‘Helpful’? This small action goes a long way in helping other community members find the right answers more easily and supports the community.

0 Helpfuls

Go to solution
kaushal_snow
Giga Sage

a month ago

@AnthonyMull ,

 

You cannot natively make a Flow run as a custom service account user; your options are limited to Run as system user or Run as the user who initiates the flow via the Flow Run As property, and any attempt to impersonate another user would require custom scripts or workaround solutions...

 

If you found my response helpful, please mark it as ‘Accept as Solution’ and ‘Helpful’. This helps other community members find the right answer more easily and supports the community.

 

Thanks and Regards,
Kaushal Kumar Jha - ServiceNow Consultant - Lets connect on Linkedin: https://www.linkedin.com/in/kaushalkrjha/