- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2022 08:28 AM
Hi,
We currently have a automated request to add users to groups. The process is you select the group and the user via the form. When submitted a approval will be sent to the group manager. Once approved the user will be added to the group. This has been working for sometime now but it has failed.
I think it is because the workflow has to impersonate a account with additional access like a admin. But it has worked in the past.
This is the code we are using.
var group = current.variables.add_group;
var user = current.variables.add_member.toString();
var array = user.split(",");
var adminUser = gs.getProperty('qbe.admin_account');
var originalUser = gs.getSession().impersonate(adminUser); // elevate priviledges to add roles
//gs.addInfoMessage("Selected users are:" + ' ' + user);
for (var i = 0; i < array.length; i++) {
var gr_member = new GlideRecord('sys_user_grmember');
gr_member.initialize();
gr_member.group = group;
gr_member.user = array[i].toString();
gr_member.insert();
}
gs.getSession().impersonate(originalUser); // return to original sessionIf anyone know why this would be please let me know or if there is a better way to do this.
Many thanks
Clinton
Solved! Go to Solution.
- Labels:
-
Request Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2022 02:24 AM
The fix for this was to add a Timer action to the workflow before my script runs. The activity is then added to the event log which runs as the System, which has all the access needed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2022 09:13 AM
Hi
I was wondering why the entire impersonation thing configured in the first place?
Also the property, if it returns any admin user's sysid, please check if any modifications were made to that user's record.
I guess you can comment the impersonating code parts & test if it works. Because other than that the code looks good to me.
Please mark the response as helpful/correct, if it answers your question.
Thanks
Nikita
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2022 12:16 AM
Hi,
The reason for the impersonate was to have a user with the correct permission to provide access. A account will need user_admin to create roles for the user when the person is added to the group.
Users who use our request will only have itil and in some cases they don't even have access. So the impersonate is to login as a user with access then the correct roles can be applied.
This was working fine but I think maybe ServiceNow have locked this down.
I'll keep digging.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2022 01:41 AM
Hi,
There is a widget widely used in the community which allow group manager to manage the member of his groups on the portal.
You can download it here: https://developer.servicenow.com/connect.do#!/share/contents/5924274_service_portal_widget_my_manage...
Hope it will be useful for you
Please Mark ✅ Correct/helpful if applicable, Thanks!!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-06-2022 02:22 AM
Hi - Yes that is a good option. I have managed to fix my issue but I like this idea. Thank you for posting.
