Scheduled Jobs without a dedicated integration user

Impact area




Affected elements

Scheduled Email of Report, Scheduled Entity Generation, Scheduled Email of Custom Chart, Scheduled Report Summary Generation, Scheduled Script Execution, Scheduled Email of Query Builder, Scheduled Data Collection, Benchmark Scheduled Script, Scheduled Data Import Set

Rule ID



Scheduled jobs that run using the default admin user can introduce security weaknesses. The improper access control regarding automated scripts can lead to access to sensitive information or risky commands executions. For this reason, the user used to run the scheduled job should be marked as internal_integration_user and should have the minimum required roles. 


Run as user in automated scripts should have internal_integration_user field checked in user record. 

Time to fix

10 min


This rule is linked to Common Weakness Enumeration CWE-284 Improper Access Control.

Last modified on Jul 28, 2021