Can I have a workflow run in it's entirety as the admin user?

jenwickersham · ‎03-06-2020

Hey friends!

I have a workflow that creates tasks for multiple teams who only have visibility to their own tasks (both via ACLs and Before Query Business Rules). Is there a way to have the workflow run entirely as the admin user so that it doesn't matter who can see which tasks? I have a timer at the beginning that usually has the workflow do just.

In this particular workflow, I am trying to use the out of box branch and join activities with all of the associated tasks in between. When someone on one team closes their task the rest of the tasks have their activity results set to "deleted" and the workflow finishes out with all other tasks sitting open. I'm told this is due to our before query business rules but we can't remove them at the moment due to the experience users receive with the "records removed due to security constraints" message.

Any suggestions on how to get the workflow to run as admin? Or am I stuck putting scratchpad variables back into my workflow and counting when all of the tasks are done.

Thanks!

Tanaji Patil · ‎03-08-2020

Hi,

Unfortunately thats not possible.

Have you tried using Wait for condition with script instead of Branch and Join?
I mean remove branch and join, create tasks (and dont wait for the closure) followed by a Wait for condition having script which checks if all underlying tasks are closed or not. I remember I had to add a business rule to force the update from child table i.e. sc_task table to RITM so that the Wait for condition is evaluated again. But ServiceNow added "SNC - Run parent workflows" few release ago to do the same OOTB.

In the Wait for condtion script you can use setWorkFlow(false) while doing a query which will override the BR. ACLs does not stop you from querying.

Check if this helps-
https://community.servicenow.com/community?id=community_question&sys_id=845d03e9db9cdbc01dcaf3231f96...

-Tanaji

Please mark responses helpful/correct based on the impact.

View solution in original post

Brian Lancaster · ‎03-06-2020

Try adding gs.getSession().isInteractive() as a condition on your business rules. This should prevent it from running during workflow activities.

Allen Andreas · ‎03-06-2020

Hi,

Sorry, I'm not fully understanding what the issue is or how there became an issue. Are the tasks not set to go to specific teams? With that said, are your ACLs and before query BRs on some sort of condition that it must be created by a member of that team in order for them to see it?

Could you not allow that if the task is assigned to their team they can see it?

Please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

Roger Poore · ‎03-08-2020

Rather than have the workflow run as admin, you could create a REST API that does the back end stuff you need to do as admin. You create an outbound REST call with an auth profile that is an admin that will be used to call the REST API. Add a run script activity in your workflow to trigger the outbound REST message.

Essentially, that run script activity will be running as admin. Just make sure it's secure.

Tanaji Patil · ‎03-08-2020

Hi,