10-04-2023 04:02 AM
Hi,
We've created 2 before query BR's on the sc_req_item table and sc_task table to restrict access to records to a specific group. The BR's work as expected but the Flow is failing to create sc_tasks.
If the flow runs as system user, no task is created.
If the flow runs as user who initiates session (with itil and catalog admin role) the first task is created but the subsequent one is not. The execution shows a "The requested flow operation was prohibited by security rules" error.
Any guidance appreciated.
Kev
10-04-2023 04:17 AM
Hi @Kev9,
Add a condition to your Business Rules: gs.isInteractive()
This way only manual queries will be affected by the BR, not queries executed by the system.
Help others to find a correct solution by marking the appropriate response as accepted solution and helpful.
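
An added example (not code from the thread or from ServiceNow) of a before-query rule body guarded by `gs.isInteractive()`, run against stand-in objects so it executes in Node. The group name `Restricted Fulfilment`, the `assignment_group.name` filter and the `mockGs`/`mockRecord` helpers are assumptions made for illustration.

```javascript
// Added example, runnable in Node. RESTRICTED_GROUP and the filter are assumptions.
const RESTRICTED_GROUP = 'Restricted Fulfilment'; // hypothetical group name

// Body of a before-query Business Rule on sc_task / sc_req_item. In an instance
// the platform supplies `gs` and `current`; here they are parameters, and the
// return value exists only so the outcome can be inspected.
function restrictQuery(current, gs) {
  // Non-interactive sessions (the flow in this thread) keep an unfiltered query.
  if (!gs.isInteractive()) return 'skipped: non-interactive';
  // Members of the group see everything.
  if (gs.getUser().isMemberOf(RESTRICTED_GROUP)) return 'skipped: member';
  // Everyone else: hide records assigned to the restricted group.
  current.addQuery('assignment_group.name', '!=', RESTRICTED_GROUP);
  return 'restricted';
}

// Stand-ins for the two platform objects, covering only the calls used above.
function mockGs(interactive, groups) {
  return {
    isInteractive: () => interactive,
    getUser: () => ({ isMemberOf: (name) => groups.includes(name) }),
  };
}
function mockRecord(table) {
  const conditions = [];
  return { table, conditions, addQuery: (f, op, v) => conditions.push([f, op, v]) };
}

// Run the rule for three constructed sessions and report what it did.
function demo() {
  const sessions = {
    flow: mockGs(false, []),
    outsider: mockGs(true, ['Service Desk']),
    member: mockGs(true, [RESTRICTED_GROUP]),
  };
  const out = {};
  for (const [name, gs] of Object.entries(sessions)) {
    const rec = mockRecord('sc_task');
    out[name] = { result: restrictQuery(rec, gs), filters: rec.conditions.length };
  }
  return out;
}

console.log(demo());
```

The guard exempts every non-interactive session, not only flows (ServiceNow's documentation gives a SOAP request as an example of one), so records that must stay hidden from those sessions still need ACLs behind the query rule.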

10-05-2023 09:08 AM
Thanks Peter, worked perfectly.
10-04-2023 04:32 AM
You can try the approach mentioned by Peter.
Do share the update with us.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
10-04-2023 06:20 AM
Hi @Kev9,
I trust you are doing great.
You can try the below setting in an onBefore business rule to validate the conditions:
```javascript
(function executeRule(current, previous /*null when async*/) {
    // If the operation is from the Flow, allow it
    if (sourceIsFlow()) {
        return;
    }
    // Existing logic to restrict access for specific group
    // ...
})(current, previous); // the platform passes current and previous into the rule

function sourceIsFlow() {
    // Logic to determine if the current operation is from the Flow
    // This can be based on user, context, or other criteria
    return gs.getSession().getUserName() === 'flow_user'; // Replace 'flow_user' with the actual system user for the Flow
}
```
Was this answer helpful?
Please consider marking it correct or helpful.
Your feedback helps us improve!
Thank you!
Regards,
Amit Gujrathi