Sleep or wait function?

wbmore
Kilo Expert

Is there a server side function for either of these that would work in a business rule?

Scenario:
I have an application that requires password resets on a regular basis. I have added a field to the incident form via a ui policy/ui action combination that is required when the type and subtype meet certain fields. When my business rules run after close I call an event to produce an email that includes the password field to notify the user of their new password. That part works great. I have another business rule that has a run order that is 300 higher than the first rule. The second rule basically says if conditions are meet, then current.password = 'SEALED'; This rules works great too. The only issue is it works to fast. My email is sending out SEALED as the password. My first inclination is to have the second rule sleep for a period of time, but I have not found a good server side command for this. I also am concerned that this may not be the best way to approach the problem.

Thanks for your thoughts.

2 REPLIES 2

jay_berlin
ServiceNow Employee
ServiceNow Employee

The issue you are running into here is that the event gets generated for the email, but that is processed asynchronously some time later, after the business rules have all run (the second business rule runs synchronously to the saving of the record).

To make this work, you probably need to include the password as part of the event parameters (such as param2) when you generate the event. I realize that this is not very secure since the password is in the event log now.

How are you dealing with securing the password now?


Thanks Jay,
I passed it as a parameter and it is working fine now. I figured out parameters a few days ago. The application requires a password change on first login. Currently I create a var in my business rule, set equal to the password field, pass the var as a param, then write over the password field with the phrase SEALED. Currently we are not auditing the password field so it is not listed in the activity section. At least it is not easy to find in the list view this way. Long term having a way to exclude certain fields and parameters from the event log would be cool, but I think that falls under a significant enhancement request. Of course the email is listed in the activity section. I guess another possible future feature would be to have notifications marked in the activity log as just documenting the notification was sent, or document the entire notification as it does now. This may even be possible now, but I have not seen a way to do this.
Thanks again for looking