Security issue while adding/removing users from HR group via Flow
3 weeks ago
Hi all,
I have a catalog item attached to an HR service for Add/Remove users from HR groups. After HR case approval, my Flow should add/remove the user from the HR group.
Initially, when running as System User, the Flow was erroring out due to security restrictions.
To fix this, I tried using “Run with roles” and added the assignable role of the HR-scoped group roles.
For groups where the attached role has a valid Assignable by value, the Flow works fine.
The issue is with HR-scoped roles where Assignable by = empty. Even after Run with roles, the Flow fails with a security restriction while creating/deleting the sys_user_grmember record.
What I’ve tried so far:
- Running the Flow as System User → failed due to security restriction.
- Running with Run with roles and adding assignable roles → works only when “Assignable by” is populated.
- Using a Business Rule to insert/delete sys_user_grmember → still blocked by the same restriction.
Has anyone faced this scenario? What’s the recommended best practice to manage HR group membership when the group’s role has no value in Assignable by?
Thanks in advance!
5 REPLIES
3 weeks ago
Check if the knowledge article below helps:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0996223
If this helped to answer your query, please mark it helpful & accept the solution.
Thanks,
Bhuvan