Workflow can no longer update sys_user_group manager field

Go to solution
Cheri M
Kilo Sage

‎01-10-2024 08:09 AM - edited ‎01-10-2024 08:24 AM

Hello,

I have a weird issue suddenly. Scenario, I have a workflow that goes to AD, updates the group manager and then, a script activity that updates the group manager field in ServiceNow - these are not type security group. This was created years ago and was tested and worked.  Suddenly we notice it is not updating the manager field in SN. The import from AD at night does update the field but there are some scenarios where it needs to be update immediately to create a new approval to the new group manager.

I checked my script as myself (admin) and it runs fine.  When I ran it in the WF I see this error in the logs.
'User mid_server_dev does not have the role 'sn_si.admin' which is required to grant/remove 'sn_si.read' under application administration, Resource: 'record/sys_user_group/write'

Odd, but in dev I added that role to the mid server account and it worked. WHY would it need that role to update a group manager on an ITIL group (not security group)?  Anyone else experience this?

Thanks,

Cheri

0 Helpfuls
  • 676 Views
1 ACCEPTED SOLUTION

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron
In response to Cheri M

‎01-10-2024 10:12 AM

Did someone add sn_si.read under itil by mistake?


Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

0 Helpfuls
5 REPLIES 5

Go to solution
SanjivMeher
Kilo Patron
Kilo Patron
In response to Cheri M

‎01-10-2024 10:46 AM

Hmmm....Any specific user needs access to sn_si.read, should be added separately to a group specific for read to Security incidents....That is a better way to manage user access

 


Please mark this response as correct or helpful if it assisted you with your question.
0 Helpfuls