Running Script with Elevated Access

raprohaska · ‎10-14-2015

I have a simple bit of script the updates a configurable set of fields:

///Pseudo Code
var gr = new GlideRecord(table);

gr.addQuery('sys_id', id);

gr.query();

if (gr.next()){

for each field/value {

gr.setValue(field, value);

}

gr.update();

}

Some of the fields update and the others get set to "null". There seems to be a correlation from the fields that don't update to active ACLs... The odd part is, my user is an admin and has rights to update all of these fields. BUT, if I run while I have my access elevated to security admin, then they all get set just fine.

I'm using glide record and not glide record secure.
I need to run this script with elevated access even if it isn't an admin invoking the feature. (the script is located in a Business Rule)

Thanks in advance for any help you can give.

theoracle · ‎10-14-2015

Can you please ask what you are asking in a different way. Maybe I can understand it better to be able to respond

Thanks

jancaasi · ‎10-14-2015

Hi Aaron,

I'm not sure if this is going to help. As far as I know, the only thing that you want is to have elevated access and I'm not sure if the link below is helpful.

Elevated Privileges

Below is something that I found a few moments ago:

I got this image from inspecting the element Elevated Access in google chrome. I'm not sure how to call this function but this is the closest answer that I could provide you. Let's wait for the other people's feedback and hope they can lend a hand on calling this function.

Hope this helps,

Jan Raphael Caasi

jancaasi · ‎10-14-2015

I found it. Elevated Role script can be found below:

https://<your instance name>.service-now.com/ElevatedRole.jsdbx

The link calls this script to manipulate the elevated access.

Anyway, here is the full script:

var ElevatedRole = Class.create();

ElevatedRole.prototype = {

initialize: function(span_name) {

this.span_name = span_name;

CustomEvent.observe('user.login', this.updateElevatedRoleForLogin.bind(this));

},

/*

* Login handler

*/

updateElevatedRoleForLogin: function(/* GlideUser */ user) {

this.elevatedRolesArray = user.getAvailableElevatedRoles();

this.activeElevatedRolesArray = user.getActiveElevatedRoles();

if (this.activeElevatedRolesArray && this.activeElevatedRolesArray.length > 0) { //an elevated role exists

CustomEvent.observe('glide:ui_notification.security', this.expireElevatedRole.bind(this));

}

var span = gel(this.span_name);

if (this.elevatedRolesArray.length <= 0) {

// if there are no available elevated roles, hide the control

hideObject(span);

return;

}

showObjectInlineBlock(span);

},

expireElevatedRole: function(/* UINotification*/ notification){

if (this.activeElevatedRolesArray && this.activeElevatedRolesArray.length > 0) { //an elevated role exists

var dialogClass = GlideDialogWindow,

width;

if (window.GlideModal) {

dialogClass = GlideModal;

width = 400;

}

var gDialog = new dialogClass("elevated_role_dialog", false, width);

gDialog.setPreference('activeElevatedRoles', this.activeElevatedRolesArray);

gDialog.setPreference('activeElevatedRoles', this.activeElevatedRolesArray.join(', '));

gDialog.setTitle(new GwtMessage().getMessage('Elevated Roles has Expired'));

gDialog.render();

}

},

selectElevatedRole: function() {

var dialogClass = GlideDialogWindow,

width;

if (window.GlideModal) {

dialogClass = GlideModal;

width = 400;

}

var gDialog = new dialogClass("dialog_elevated_role", false, width);

gDialog.setPreference('table', 'elevated_role_dialog');

gDialog.setPreference('elevatedRolesArray', this.elevatedRolesArray);

gDialog.setTitle(new GwtMessage().getMessage('Activate an Elevated Privilege'));

gDialog.render();

}

};

I'm not sure but I hope this helps,

Jan Raphael Caasi

hadyndickson · ‎10-14-2015

Which table? Do you intend for a certain group of users to trigger this business rule? Perhaps you could adjust the ACL's or add a new role / group with the appropriate access, which would prevent the need to elevate.