Skip to main content

ServiceNow dynatraceapi user getting logged out due to ACL permissions - steps to diagnose

 



- I located the error by viewing the flows from the 'Link to execution' list under 'Alert Execeutions' here:

/em_alert_management_rule.do?sys_id=7f5e284e07032010b1306a77c4a93523


- Click through to any of the links to execute references the flow designer and you will then see under Action 6:
'The requested flow operation was prohibited by security rules'
- You can review the flow operation and attempt to impersonate the dynatraceapi user with the ACL debugging tools turned on and see if you can find the ACL restricting the user.
- Please refer to our following Docs:
KB1008036 - ACL troubleshooting reference
KB1008035 - ACL debugging tools

Please let me know how you get on with this and if leaving the 'SGO-Dynatrace' alert management rule inactive stops the lockout and your alerts are still working as intended for your organisation we could potentially close out this case unless you require further information.


Comments

Popular posts from this blog

Get URL Parameter - server side script (portal or classic UI)

Classic UI : var sURL_editparam = gs . action . getGlideURI (). getMap (). get ( ' sysparm_aparameter ' ); if ( sURL_editparam == 'true' ) { gs . addInfoMessage ( 'parameter passed ); } Portal : var sURL_editparam = $sp . getParameter ( " sysparm_aparameter " ); if ( sURL_editparam == 'true' ) { gs . addInfoMessage ( 'parameter passed ); }

ServiceNow check for null or nil or empty (or not)

Haven't tested these all recently within global/local scopes, so feel free to have a play! option 1 use an encoded query embedded in the GlideRecord , e.g.  var grProf = new GlideRecord ( 'x_cls_clear_skye_i_profile' ); grProf . addQuery ( 'status=1^ owner=NULL ' ); grProf . query (); even better use the glideRecord  addNotNullQuery or addNullQuery option 2 JSUtil.nil / notNil (this might be the most powerful. See this link ) example: if ( current . operation () == 'insert' && JSUtil . notNil ( current . parent ) && ! current . work_effort . nil ())  option 3 there might be times when you need to get inside the GlideRecord and perform the check there, for example if the code goes down 2 optional routes depending on null / not null can use gs.nil : var grAppr = new GlideRecord ( 'sysapproval_approver' ); var grUser = new GlideRecord ( 'sys_user' ); if ( grUser . get ( 'sys_id' , current . approver )){