Inbound email flow replies with unregistered users
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2023 01:42 PM
Hi,
I'm currently working on creating an inbound email flow for incoming replies to cases (or rather, a custom case type based on CSM cases). The people replying will not be ServiceNow users, to them, all interactions are done via email (agents use the email client).
When I create an inbound email flow, I can select my custom case table in the "Reply Record Type" dropdown field in the trigger section. If I do that, though, the flow will never execute, since it'll run as the "guest" user, which apparently doesn't have access to the custom table. The email log will say something like:
Trigger 8f627c673ba7e55047c37495cf4bcbae: Unable to access target record for table name x_custom_case_table, skipping
Now, I got this to work by using a workaround (leaving the "Reply Record Type" field empty, and starting a subflow as System User, which will then run the actions I need), but all the stuff I had to do for that felt pretty dirty. For example, I encountered errors when passing the target record to my subflow (I assume this is because I left the "Reply Record Type" field blank), so I had to use a script in the subflow parameters, and so on.
It works now, but it doesn't feel good. Does anyone of you have experience with reply inbound email flows and unregistered users? Is it possible to somehow change the ACLs to allow this "guest user" (which doesn't really exist on the instances) to access the table, so that I can ditch all those subflow shenanigans?
Thanks for your help,
Max
- Labels:
-
Flow Designer
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-26-2023 08:29 PM
Hi, inbound actions are processed using the access rights of the sys_user account that maps to the sender of the email, so even if your end users will not login to the instance, adding them as users\contacts (with snc_external role) should allow proper of the end to end process.
If your organization is relying on the guest account for email processing, then you are likely to find issues that need to be worked around but providing higher levels of access to 'guest' could result in considerable security risk and needs to be carefully considered.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2024 05:30 PM - edited 12-13-2024 07:02 AM
I faced the same issue. To trigger the flow, the guest user would need the proper permissions for the table specified in the 'Reply Record Type' field, which is present in the flow trigger. The solution I found was not to fill in the table in this field but instead that, you can retrieve the record through a look up record action passing the email object's data pill field named 'target' with the 'document ID' type. This field references the respective record associated with the email, so you can handle the necessary processing through it.
Images here:
