‎07-01-2024 10:30 AM
I only see a delete ACL OOB for HR group members where Group is 'HR' or Group.parent = HR. My user has the user_admin and sn_hr_core.manager roles, where the latter was specified in the OOB delete ACL. Still, it can't delete the record from the group member table when the group is HR or Group.parent = HR. I tried to disable the ACL but same thing. I noticed that when this user opens the GROUP, the group is READ only. So I created a write ACL with the same condition and group as the delete, SAME THING. The group remains READ only. What else is restricting HR groups aside from ACLs?
I built a flow in Flow Designer to remove members from HR groups and am getting security issues using this API user. I want to avoid adding the sn_hr_core.admin role to achieve this. If I switch to 'system user' on the flow, same thing.
‎07-04-2024 12:56 AM
I received a solution from ServiceNow by adding a script step in the flow designer before the modification of the record, to impersonate a super user who should have the hr admin role. This works perfectly!
‎07-04-2024 01:48 AM
Can you share what they have shared with you? Or did they simply share with you to use "session.onlineImpersonate("YOURSPECIALUSER")" or via "GlideImpersonate"?
‎07-04-2024 01:51 AM
Create an action script with the below:
var userSysId = "SYS_ID"; // sys_id of a sys_user record that has the required role

var myId = gs.getSession().impersonate(userSysId);

‎07-04-2024 07:52 AM
Consider adding an un-impersonation step afterwards.
Blog: https://sys.properties | Telegram: https://t.me/sys_properties | LinkedIn: https://www.linkedin.com/in/slava-savitsky/
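The impersonation and un-impersonation steps discussed in this thread can be combined so the original identity is restored even when the record operation fails. This is an added example, not code from any of the posts or from ServiceNow; `runAsUser`, `makeStubGs`, `demo` and the sample sys_ids are hypothetical, and `gs` is passed as a parameter only so the helper can run offline against a constructed stub.

```javascript
// Added example: scoped impersonation with a guaranteed restore.
// In an instance `gs` is the platform global; here it is a parameter so the
// helper also runs against the constructed stub below.
function runAsUser(gs, userSysId, work) {
  var originalId = String(gs.getUserID());     // identity to restore afterwards
  gs.getSession().impersonate(userSysId);
  try {
    // Fail closed: never run the privileged work under the wrong identity.
    if (String(gs.getUserID()) !== String(userSysId)) {
      throw new Error('impersonation did not take effect');
    }
    return work();
  } finally {
    // Runs on success and on error, so later steps do not inherit the role.
    gs.getSession().impersonate(originalId);
  }
}

// Constructed stand-in for the two GlideSystem/GlideSession calls used above.
function makeStubGs(startUserId) {
  var current = startUserId;
  return {
    getUserID: function () { return current; },
    getSession: function () {
      return {
        impersonate: function (id) { var prev = current; current = id; return prev; }
      };
    }
  };
}

// Offline demonstration with constructed sys_ids (assumed values).
function demo() {
  var gs = makeStubGs('api_user_id');
  var seen = null;
  var failed = false;
  try {
    runAsUser(gs, 'hr_admin_id', function () {
      seen = gs.getUserID();                   // identity while the work runs
      throw new Error('delete rejected');      // simulate a failing record operation
    });
  } catch (e) {
    failed = true;
  }
  return { during: seen, after: gs.getUserID(), failed: failed };
}
```

In a flow script step the `work` callback would hold the group member deletion, so the elevated identity exists only for that one operation.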