Run transform map with admin rights

Geeky
Kilo Guru

‎02-25-2020 09:45 AM

Hi All,

I have a transform map which runs on auto provisioning of user from SAML. In transform map I have a code written to create the group and assign the role to the group and then add the member to the group.

This transform map is running with user "guest" which does not have any privileges. User is getting created, group is getting created, user is added to the group but role is not getting added to group & user.

I am thinking it is a permission issue with guest user. Because when I am adding same data into the import table with my admin id, everything working fine but it does not work during auto-provision.

I was thinking if I can run transform maps with admin rights?

or give user admin role to "guest" user account?

0 Helpfuls
  • 1,615 Views
4 REPLIES 4

Ashok Katam
Mega Guru

‎02-25-2020 09:57 AM

 

I suspect that might not be a permission issue, as you are able to create user record and group record unless GUEST account has access to those tables.

You can try giving admin role to see if that will works

0 Helpfuls

Geeky
Kilo Guru
In response to Ashok Katam

‎02-25-2020 10:08 AM

admin role to guest user?

0 Helpfuls

edo88
Giga Contributor

‎02-01-2021 08:49 AM

Did you manage to solve, 'cause I'm in the same situation

0 Helpfuls

Brent Llewellyn
Mega Guru

‎03-17-2022 07:39 AM

We are checking if the user already exists in the group as guest and once we determine that the user needs to be added to the group we leverage a REST API authenticated as a user with the proper roles.

    function addGrpMember(userID, groupID) {

		var ssoProvisioningProfile = gs.getProperty('sso_group_provisioning_cred_profile');
        var userCreds = new GlideRecord('basic_auth_credentials');
        userCreds.get(ssoProvisioningProfile);

        var username = userCreds.user_name;
        var password = userCreds.password.getDecryptedValue();

        var request = new sn_ws.RESTMessageV2();
        request.setEndpoint('https://' + gs.getProperty('instance_name') + '.service-now.com/api/now/table/sys_user_grmember');
        request.setHttpMethod('POST');

        request.setBasicAuth(username, password);
        request.setRequestHeader("Accept", "application/json");
        request.setRequestHeader('Content-Type', 'application/json');
        request.setRequestBody("{\"user\":\"" + userID + "\",\"group\":\"" + groupID + "\"}");
        var response = request.execute();
    }
0 Helpfuls