Unable to assign admin role using workflow run script activity


Description

There is a role called 'admin' which provides most of the access .When we try to provide the admin access to a particular role we should have the admin role or the elavated role i.e security admin

When there is a requirement where the role 'admin' needs to be added to the user when a catalog request is submitted

For this Requirement, if the workflow run script activity is used to add the role with the below script but still the role is not being added even the request is made from admin user

Steps to reproduce:

1.Create a catalog item with requested for reference fields to the sys_user table

2.Create a workflow with the begin,timer,run script, and end activity

3.Write a script which glide records on the sys_user_role table and adds the adminrole to the requested_for table

4 Attach the workflow to catalog item and submit the request

5.Impersonate a user who has admin role

6.Make a request for the catalog

7.Check if role is added to the requested for user

Cause

For adding the admin role the assigning user need to have the admin role or security_admin role but when the timer activity is placed even thought the request is being made by the admin user the transaction will be breaked and runs the next activity under the system which doesnot have the admin or security_admin role

As the system is an internal user the system will not have the above mentioned roles and will not be able to assign the admin role

Resolution


When the timer activity is used the transaction is moved to system which is an internal user
The system or internal user will not be able to add the admin role
There are two ways to get the admin role assigned through workflow

1. In the run script activity elevate the role when the script is running using the below code

'GlideSecurityManager.get().enableElevatedRole('security_admin');'

2.Removing the timer activity and checking if the user who requested the catalog request is having the admin user