Is there a way to provide admin & security_admin role to the users using rest integration.

Prithvi Ramesh1
Mega Sage

Use Case:

Whenever a user requests access from PROD to DEV for admin or security admin roles, the flow should automatically assign the requested roles to the user.
The setup is already in place and works correctly for other roles.


Issue:

  • For the admin role, the flow creates an empty record — the user and group Fields are not populated.
  • For the security admin role, the flow throws the following error:

Error: Operation Failed
Details: Error during insert of sys_user_grmember (test user)
(Process Automation.19602fa1890b261025214ad7e9572531; line 😎

10 REPLIES 10

Ankur Bawiskar
Tera Patron
Tera Patron

@Prithvi Ramesh1 

did you try running background script in DEV and see?

Your flow should be configured to Run as -> System User

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader

The flow is configured to run as the System User, and the script successfully adds the roles to the user when executed manually. However, the flow itself is not working as expected.
Even though the integration user has the required access, the flow fails specifically when assigning the security_admin role.

GlideFather
Tera Patron

Hi @Prithvi Ramesh1 

 

do you really want to grant sec_admin that easily? 😛 it's the highest role... 

The sec_admin can be granted by sec_admin only, the standard admin cannot do that. So perhaps your flow doesn't have enough rights to do it...

 

To verify this - try the flow for some other role and if it will be successfully added, then the problem is that it must be updated by sec_admin. If another role will also not be added, the issue is somewhere else.....

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


Actually, we have an approval process in place where only the Platform Team has access to approve requests. Based on the approval, we intend to assign the security_admin role to the user.

We are using an integration user to provide access to DEV and TEST environments. While this setup works fine for other roles, it throws an error specifically when assigning the security_admin role. The integration user already has the necessary roles, but the error still occurs.

Is there a way to achieve this successfully?