How to run a script include as 'System' so that it executes server side code for Non-admin users?

Subhashree Sub2 · ‎05-15-2024

Hi All,

I have a requirement to execute a script include which is querying sys_user table to fetch INACTIVE user's details. This script include code is not working for Non-Admin users as they can fetch only ACTIVE user's data.

I want the script include logic to execute normally as System (with privileged access) so that end users can perform testing for all users including INACTIVE ones.

I have tried below approach in my code but it doesn't seem to update "userCountry" in my case. Please let me know your suggestion.

Referred article: How to excute a script as system - Support and Troubleshooting (servicenow.com)

Please review below code and let me know how can I return the 'country' value and pass it to the Client side through GlideAjax.

 fetchUserCountry: function() {
        var exitUser = this.getParameter('sysparm_userid');
        var userRec = new GlideRecord('sys_user');
        userRec.addQuery('user_name', exitUser);
        userRec.query();
        var userCountry;
        if (userRec.next()) {
            userCountry = userRec.country;
        }

        var gdt = new GlideDateTime();
        gdt.addSeconds(5);
        gs.info("seconds: " + gdt);

	var script ="gs.log('***** DEBUG - sess:' + gs.getSessionID() + ', time:' + new Date().getTime() + ' - \\n' + GlideLog.getStackTrace(new Packages.java.lang.Throwable()), 'Stacktrace Debug');";
        //create the sys_trigger record to be executed by the schedule worker thread
        var sched = new ScheduleOnce();
        sched.script = script;
        sched.setTime(gdt);
        sched.setDocument(userRec);
        sched.setLabel("run this as system");
        sched.schedule();

	return userCountry;

    }

Best Regards,

Subhashree

Hayo Lubbers · ‎05-16-2024

Hi @Subhashree Sub2 ,

On the sys_user there is by default a query business rule. You can try circumvent the issue by adding setWorkflow(true) to your GlideRecord.

var userRec = new GlideRecord('sys_user');
        userRec..setWorkflow(true);
        userRec.addQuery('user_name', exitUser);
        userRec.query();

More info at : https://developer.servicenow.com/dev.do#!/reference/api/washingtondc/server/no-namespace/c_GlideReco...

"setWorkflow(Boolean enable)

Enables or disables the running of business rules, script engines, and audit.

Warning: Disabling the running of business rules, script engines, and audit can have a significant impact on your ServiceNow® instance and how it operates. Ensure that you thoroughly test this change before deploying it to production."

Brian Lancaster · ‎10-23-2024

Try this I just used it in my workflow.

https://www.servicenow.com/community/itsm-forum/how-to-make-script-include-client-callable-run-as-sy...

Minor change since you can't do a return outside a function I did the following doe in my user query BR.

if (!gs.getSession().getProperty('bypass_inactive_group_check') === 'true') {
    current.addActiveQuery();
}