inbound email actions from external addresses running as Guest

pbostian · ‎07-26-2022

Background: Our HR department has the need to email external addresses at times, when a employee is terminated and their network email address is deactivated. They may be working a case, and would like to use the email client from within the case itself, to track all correspondence in the case, rather than their Outlook account.

Situation: Emailing out using the email client in the platform works fine. When when the recipient replies, nothing gets entered into or attached to the case. I have this narrowed down to inbound email action not making a connection to a user in sys_user, and essentially running the inbound action as Guest. https://docs.servicenow.com/bundle/sandiego-servicenow-platform/page/administer/notification/reference/r_ImpUserRunInboundActions.html

Is there any way to have the inbound email action run as a different user that DOES have write access to the case? Obviously i don't want to give Guest write access to sn_hr_core_case, or any other table for that matter...

I dont want to have to update a bunch of OOB business rules, unless i ABSOLUTELY need to....

Thanks for any suggestions...

Tony Chatfield1 · ‎07-26-2022

Hi, I would suspect that this is because the 'user' account associated to the responding email address is locked out and inactive, and so the guest account is used for processing?
If this is the scenario, then you can possibly resolve with a few small tweaks to your process and configuration

System settings
update property 'glide.pop3.process_locked_out' to allow locked out user accounts to process email
Allowing locked out users to process inbound email actions (servicenow.com)

Operational Process
Lock a user account (and change the password) when a user departs the organization, but keep the account 'active' until the HR disengagement process is completed, then set the user account to active = false.

pbostian · ‎07-27-2022

The account that the reply is coming from is NOT listed in the sys_user table. There is no way we could literally have any and every possible email address there. these are the employees personal email address, usually.

and the "Guest" user is active, and not locked out. It has no roles, so therefore has no ability to write to any table, especially a table that is as locked down as we have sn_hr_core_case.

II guesss I am just trying to come up with a creative alternative way to have replies to the emails sent from a case to get written back TO the case.

ErinF · ‎09-20-2023

I am having a similar issue. Did you find a solution?

Sam Motley · ‎07-27-2022

you could try setting up create accounts automatically for emails with no user account but that is risky as then anyone could have a user account created from an external source, better to just cc the user in an email using the msg ref to link it back to the ticket