Andrew Barnes

3 minute read

It is ServiceNow’s new release season! With the Paris release in Early Access, we will show some enhancements targeted around being more effective and efficient as a developer. To get access to these new things, you have to upgrade! This article will be about two new features in Flow Designer. To view the whole list, check out the release docs.

Run with Roles

One new enablement is Run with Roles in the trigger settings for a flow. Existing users of flow will be familiar with the run as user, or run as system. Sometimes running as user was too restrictive, and sometimes running as system was overly permissive. Run with roles is a bed of just the right size for your flow to sleep in. The new option is available for any flow, in the flow properties, which have Run As to User who initiates session.


When using this new feature, there are a few things to take note of. Particular scopes and roles are needed for some protected data that even the run as system isn’t allowed to access that is now available. The user creating or updating the flow must have a role to select the role. Some roles are never allowed:

  • security_admin
  • admin
  • maint
  • scoped admin

Content filtering in Flow Designer

Content filtering is a brand new offering in Paris for Flow Designer. To help users create flows, narrow down the available actions/subflows to just the ones they are authorized to use. There are hundreds of actions currently available, and that will continue to grow over time. Very few of the flow authors will need to or even should be able to see and use an HR spoke. Let’s take a look at adding an action without any filtering applied in the picture below. Perhaps the user should not be able to disable computers, so let us make it so they can’t see that option.


Before filtering can be used on the flow content (triggers, actions, and subflows), the content must be identified and grouped. The content definition table is sys_hub_resource. A table picker combined with a condition builder on the content definition records groups the content. A few are provided out of the box to help get started. All actions, all action steps, all flow logic, all flows, and subflow are a few of the provided definitions. These should just be used as examples of how to find the flow content you wish to group.


Once the definitions are added, the next step is to create the content filtering rules. The new table is sys_hub_resource_filter_rule and connects content definitions to user roles to apply the filtering. Note the label is Resource Definition for the Content Definitions as discussed above. Once you have the roles and definitions set up, the experience for the flow authors will be greatly streamlined and require less review for flows performing unauthorized actions. Try to keep the filters narrowed down to provide granular access as it helps the authors and reviewers.


When creating these definitions and roles, you should keep them in the same scope as the target records. So, if you are creating a spoke, the definitions should also be contained in that same scope. None of the provided definitions and filter rules should prevent viewing content for existing users, but instead can be adopted as appropriate after the upgrade to Paris.


I hope you enjoyed this look into two new Flow Designer features included in Paris. Please provide feedback on how these features will help you work faster or anything else you wish to share about Flow Designer or Paris below.