- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago - last edited 4 weeks ago
Hi Experts,
I've observed a recurring issue where scripts or flows configured to run under a specific user account begin to fail once that user becomes inactive or is locked out of ServiceNow. These failures typically occur silently unless error handling has been explicitly built to catch such conditions.
I'm trying to understand what happens in the backend when this occurs. Specifically:
- What mechanisms cause the script to fail when the user is inactive?
- Are there any logs or indicators that can help identify these failures?
- What are the best practices to prevent or mitigate the impact of such scenarios?
Additionally, I’d appreciate any guidance on how to assess the potential impact of these failures and ensure it's kept to a minimum.
Thanks in advance for your insights!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago - last edited 4 weeks ago
As per my understanding - When a "Run As" user for a scheduled job or script is inactive or locked out in ServiceNow, the script will fail to execute. This is because the system cannot authenticate the user to run the script. The specific behavior may vary based on the script type and platform. Best Practices:-
- Always ensure the "Run As" user is active and has the necessary permissions to execute the script.
- Create a specific user account for running scripts and scheduled jobs. This account should have the minimum necessary roles and permissions and should be regularly monitored for activity and security.
- Scripts should include error handling to gracefully manage situations where the "Run As" user is inactive or locked out. This might involve logging the error, sending a notification, or attempting an alternative action.
- Leave Run as - blank so that it will be run as - System user.
As you correctly said- it is silent till the time, we realize that job is not running and we ar enot getting the expected output.
If my answer helped you, please mark -solution accepted.
Regards,
Nikhil Bajaj
Regards,
Nikhil Bajaj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
Flows can either run as "System User" or "User who initiated the session"
If it's "System User" then we need not worry.
Few practices we can follow
-> wherever possible use System User in flow
-> periodically review the flows
-> maintain a document of each flow and it's config so that it becomes easier to track, maintain, debug in future
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
4 weeks ago
It is recommended to run flows using 'system user' rather than 'User who initiated the session'. You can find more information on this in below post,
Best option is to use error handling and whenever there is a failure of flow execution, you can send a Email or SMS or Teams notification based on the integrations you have setup in your environment and any associated license costs.
There could be an exception scenario where flow might fail when run as 'system user' but it runs fine with 'User who initiated the session'. You can use below KA to resolve any issues,
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0856507
Thanks,
Bhuvan
