Running a Business Rule as a specific user

jeremielanders · ‎02-19-2015

Greetings!

I have been trying to figure out a way to run a Business Rule in it's entirety as a user other than myself, or the user who has triggered the BR. Here is an example:

When work notes and customer notes are updated on an Outage, I have a BR that pushes those notes updates to the incidents associated with the outage. The notes in the associated incidents naturally show as me who added them. However, what we would like to do is show that a specific user (in this case a user named "System Update") actually added them instead.

Does anyone have a solution on how to do what I'm detailing? Any help is very much appreciated. Thanks!

Jeremie

StephenHey · ‎08-30-2017

Depending on where your request is originating, you can do this using an 'async' business rule. Being asynchronous, it temporarily pushes the script in the rule to the background. When it brings it back to the foreground, it's running as user 'system'. 'System' has the innate ability to impersonate. So, combining scripted impersonation with the 'system' account, you can write an async rule like this:

var journalGR = new GlideRecord('sys_journal_field');

journalGR.addQuery('element_id', current.sys_id);

journalGR.orderBy('sys_created_on');

journalGR.query();


while (journalGR.next()) {

         var convertedTask = new GlideRecord('task');

         convertedTask.get(current.u_converted_to);


         var userGR = new GlideRecord('sys_user');

         userGR.get('user_name', journalGR.sys_created_by);

         var originalUser = gs.getSession().impersonate(userGR.sys_id);


         convertedTask[journalGR.element] = journalGR.value.toString();

         convertedTask.update();


         gs.getSession().impersonate(originalUser);

}

Our use case was to convert 'tickets' to other task types like incident and FMRs. This includes some extra code that you probably don't need that collects the journal entries of the ticket and puts them in the new task as the user who originally created them.

View solution in original post

Anurag Tripathi · ‎02-19-2015

well, you can impersonate a user in service now and run the operation that triggers that BR.

You need "impersonator" role to be able to impersonate other people, unless you are an admin.

-Anurag

jeremielanders · ‎02-19-2015

Unfortunately this needs to happen automagically because it will need to happen for hundreds of users.

Anurag Tripathi · ‎02-19-2015

OK, even if you try a scheduled job, there also you can run it as someone but there also one person only at a time.

-Anurag

tltoulson · ‎02-19-2015

Hi Jeremie,

I am not aware of any specific "Comment on behalf of" type functionality. ServiceNow does offer a number of ways to run scripts as a specific user but each has its own drawbacks in this case:

- Impersonating a User via script: Requires that the user executing the script has impersonate role

- Scheduled Job: You could have a scheduled job run as the "System Update" user

- Web Services: You could make a web service call to SOAP/JSON/etc from a business rule, back to ServiceNow, authenticating as the System Update user. Requires a call over the network.

- You could also try manipulating the Journal record entries directly though this is usually complicated and unfruitful

- Perhaps tossing the script to the event queue would work. You would likely need to override the user that "created" the event which may mean you have to create the sysevent manually instead of using gs.eventQueue.