Flows should not run using the admin role

Impact area

Security

Severity

Medium

Affected element

Flows

Rule ID

SN-0432

Impact

Adding flow roles gives a user-initiated flow access to data it would not otherwise have. If a role with admin privileges is included in the "run_with_roles" list, the flow will have access to all the data in the instance, which could cause data leaks and unintended consequences.

Remediation

Remove the role with admin privileges from the "run_with_roles" list. If necessary, create an ad-hoc role with the minimum set of permissions to run the flow, and use that instead.
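The following check is an added example, not part of the original rule page or the rule's actual implementation. It flags flows whose "run_with_roles" list includes admin, and goes one step beyond the rule text by also flagging roles that contain admin through role inheritance. The record shapes, the `role`/`contains` field names and every role and flow name are constructed assumptions.

```javascript
// Constructed sample data, shaped like exported rows; not from a real instance.
// Assumed fields: flows carry a run_with_roles list of role names; containment
// rows say that `role` contains (inherits) `contains`.
const sampleContains = [
  { role: "x_acme_flow_super", contains: "x_acme_flow_ops" },
  { role: "x_acme_flow_ops", contains: "admin" },
  { role: "x_acme_hr_flow_runner", contains: "x_acme_hr_read" },
];
const sampleFlows = [
  { name: "Onboard employee", run_with_roles: ["x_acme_hr_flow_runner"] },
  { name: "Reset password", run_with_roles: ["admin"] },
  { name: "Bulk close tasks", run_with_roles: ["itil", "x_acme_flow_super"] },
  { name: "Notify manager", run_with_roles: [] },
];

// Return every role that is, or transitively contains, one of the admin roles.
function rolesWithAdminPrivileges(containsRows, adminRoles = ["admin"]) {
  const parentsOf = new Map(); // contained role -> roles that contain it
  for (const { role, contains } of containsRows) {
    if (!parentsOf.has(contains)) parentsOf.set(contains, []);
    parentsOf.get(contains).push(role);
  }
  const flagged = new Set(adminRoles);
  const queue = [...adminRoles];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const parent of parentsOf.get(current) || []) {
      if (!flagged.has(parent)) { // also guards against containment cycles
        flagged.add(parent);
        queue.push(parent);
      }
    }
  }
  return flagged;
}

// List flows whose run_with_roles includes a flagged role, with the offending roles.
function auditFlows(flows, containsRows, adminRoles = ["admin"]) {
  const flagged = rolesWithAdminPrivileges(containsRows, adminRoles);
  return flows
    .map((f) => ({ name: f.name, roles: (f.run_with_roles || []).filter((r) => flagged.has(r)) }))
    .filter((finding) => finding.roles.length > 0);
}

console.log(auditFlows(sampleFlows, sampleContains));
```

Each finding names the flow and the roles to replace with a minimum-permission ad-hoc role, as the remediation describes.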


Time to fix

40 min

Last modified on Aug 12, 2022