question Securing the Service Account users in Servicenow in ServiceNow AI Platform forum https://www.servicenow.com/community/servicenow-ai-platform-forum/securing-the-service-account-users-in-servicenow/m-p/2946556#M196775 <P>Hello friends,</P><P>&nbsp;</P><P>We are filtering some of our records/CIs using the Query Before Rules. However, there are few Service Accounts which need to bypass this Query before Business Rule execution. This is implemented using the filter/condition in Business rules to exclude the execution for certain users -&nbsp; condition is gs.getUserDisplayName() is not 'ABC'. However, anyone with admin access can maliciously tamper the user record to have display name as ABC.</P><P>&nbsp;</P><P>What is the most efficient way to achieve this behavior? My friend suggested to use the system properties to hold the sys_ids of the users but anyone with ADMIN access can tamper/update this system property..&nbsp;&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/701756">@GunjanK</a>&nbsp;&nbsp;</P><P>&nbsp;</P><P>Thanks in advance,</P><P>R</P> Wed, 29 May 2024 10:35:56 GMT rahulyamgar 2024-05-29T10:35:56Z Securing the Service Account users in Servicenow https://www.servicenow.com/community/servicenow-ai-platform-forum/securing-the-service-account-users-in-servicenow/m-p/2946556#M196775 <P>Hello friends,</P><P>&nbsp;</P><P>We are filtering some of our records/CIs using the Query Before Rules. However, there are few Service Accounts which need to bypass this Query before Business Rule execution. This is implemented using the filter/condition in Business rules to exclude the execution for certain users -&nbsp; condition is gs.getUserDisplayName() is not 'ABC'. However, anyone with admin access can maliciously tamper the user record to have display name as ABC.</P><P>&nbsp;</P><P>What is the most efficient way to achieve this behavior? My friend suggested to use the system properties to hold the sys_ids of the users but anyone with ADMIN access can tamper/update this system property..&nbsp;&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/701756">@GunjanK</a>&nbsp;&nbsp;</P><P>&nbsp;</P><P>Thanks in advance,</P><P>R</P> Wed, 29 May 2024 10:35:56 GMT https://www.servicenow.com/community/servicenow-ai-platform-forum/securing-the-service-account-users-in-servicenow/m-p/2946556#M196775 rahulyamgar 2024-05-29T10:35:56Z Re: Securing the Service Account users in Servicenow https://www.servicenow.com/community/servicenow-ai-platform-forum/securing-the-service-account-users-in-servicenow/m-p/2946568#M196777 <P>Hi,</P> <P>Admins will always be able to work around processes, it's why it's such a highly privileged role. If a customer is concerned about this, they need to review who has admin access in production and regulate it tightly.</P> <P>&nbsp;</P> <P>Assuming these service accounts are only using APIs, consider using the gs.isInteractive() function to check whether the transaction is a user (via a webpage) or an API call.</P> Wed, 29 May 2024 10:46:09 GMT https://www.servicenow.com/community/servicenow-ai-platform-forum/securing-the-service-account-users-in-servicenow/m-p/2946568#M196777 Kieran Anson 2024-05-29T10:46:09Z