This page contains all the files and detailed instructions to install GuardRails on your instance.
For our latest user guide, please follow this link:
You must install GuardRails in production first. Please follow the instructions below to complete the production installation before beginning installation on sub-production. The order of instructions must be followed in sequence. If you do not follow these instructions in sequence, unexpected behaviour will occur.
The following instructions only need to be completed once on your production instance. To deploy GuardRails into production, you must create a Service Account with an Admin role. We have streamlined this account creation process below with an automated script that will generate the account with the required role(s). To run this automated script:
/* Function to generate combination of password */
function generatePass() {
var pass = '';
var str =
'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
'abcdefghijklmnopqrstuvwxyz0123456789@#$';
for (var i = 1; i <= 20; i++) {
var ch = Math.floor(Math.random() * str.length + 1);
pass += str.charAt(ch);
}
return pass;
}
var scope = gs.getCurrentScopeName();
gs.info('GuardRails Installer Starting...');
try {
if (scope != 'rhino.global') {
throw 'Current scope is not Global. Please change application scope to Global before running installer.';
}
gs.info('Setting Table Flags...');
var gr = new GlideRecord('sys_db_object');
gr.addQuery('name', 'sys_upgrade_history_log');
gr.query();
if (gr.next()) {
gr.access = 'public';
gr.read_access = true;
if (gr.update()) {
gs.info('Successfully updated sys_upgrade_history_log.');
}
}
var gr = new GlideRecord('sys_db_object');
gr.addQuery('name', 'sys_update_version');
gr.query();
if (gr.next()) {
gr.read_access = true;
if (gr.update()) {
gs.info('Successfully updated sys_update_version.');
}
}
gs.info('Installing GuardRails Pipelines dependencies...');
} catch (err) {
gs.error('GuardRails Installer Error: ' + err);
}
//Create Service Account
gs.info('GuardRails Production Installer Starting...');
var gr = new GlideRecordSecure('sys_user');
gr.initialize();
var password = generatePass();
var username = 'GuardRailsSvcAccount';
gr.user_name = 'GuardRailsSvcAccount';
gr.web_service_access_only = true;
gr.user_password.setDisplayValue(password);
gr.active = true;
var user = gr.insert();
gs.warn(
'WARNING: THIS PASSWORD WILL ONLY BE DISPLAYED ONCE. PLEASE COPY AND STORE IN CLIPBOARD FOR FUTURE REFERENCE'
);
gs.info('Service Account Created with Password:' + password);
gs.info('Granting Service Account Admin...');
var nr = new GlideRecordSecure('sys_user_has_role');
nr.initialize();
nr.user = user;
nr.role = '2831a114c611228501d4ea6c309d626d'; //admin
nr.insert();
gs.info('Granted Admin role.');
gs.info('Setting GuardRails Properties...');
var produrl =
'https://' + gs.getProperty('instance_name') + '.service-now.com/';
//set properties
gs.setProperty('x_dynas_guardrails.dev.password', password);
gs.setProperty('x_dynas_guardrails.dev.username', username);
gs.setProperty('x_dynas_guardrails.production.url', produrl);
gs.setProperty('x_dynas_guardrails.production.username', username);
gs.setProperty('x_dynas_guardrails.production.password', password);
gs.info('Completed setting properties.');
/* Function to generate combination of password */
function generatePass() {
var pass = '';
var str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' +
'abcdefghijklmnopqrstuvwxyz0123456789@#$';
for (var i = 1; i <= 20; i++) {
var ch = Math.floor(Math.random()
* str.length + 1);
pass += str.charAt(ch)
}
return pass;
}
var scope = gs.getCurrentScopeName();
gs.info("GuardRails Installer Starting...");
try {
if (scope != "rhino.global") {
throw "Current scope is not Global. Please change application scope to Global before running installer.";
}
gs.info("Setting Table Flags...");
var gr = new GlideRecord("sys_db_object");
gr.addQuery("name", "sys_upgrade_history_log");
gr.query();
if (gr.next()) {
gr.access = "public";
gr.read_access = true;
if (gr.update()) {
gs.info("Successfully updated sys_upgrade_history_log.");
}
}
var gr = new GlideRecord("sys_db_object");
gr.addQuery("name", "sys_update_version");
gr.query();
if (gr.next()) {
gr.read_access = true;
if (gr.update()) {
gs.info("Successfully updated sys_update_version.");
}
}
gs.info("Installing GuardRails Pipelines dependencies...");
} catch (err) {
gs.error("GuardRails Installer Error: " + err);
}
//Create Service Account
gs.info('GuardRails Sub Production Installer Starting...');
var gr = new GlideRecordSecure('sys_user'); gr.initialize();
var password = generatePass();
var username = "GuardRailsSvcAccount";
gr.user_name = "GuardRailsSvcAccount";
gr.web_service_access_only = true;
gr.user_password.setDisplayValue(password);
gr.active = true; var user = gr.insert()
gs.warn('WARNING: THIS PASSWORD WILL ONLY BE DISPLAYED ONCE. PLEASE COPY AND STORE IN CLIPBOARD FOR FUTURE REFERENCE');
gs.info('Service Account Created with Password:'+password);
gs.info('Granting Service Account Admin...');
var nr = new GlideRecordSecure('sys_user_has_role');
nr.initialize();
nr.user = user;
nr.role = '2831a114c611228501d4ea6c309d626d'; //admin
nr.insert();
gs.info('Granted Admin role.');
gs.info('Setting GuardRails Properties...');
//set properties
gs.setProperty("x_dynas_guardrails.dev.password", password);
gs.setProperty("x_dynas_guardrails.dev.username", username);
gs.info('Completed setting properties.');
Download all file(s) from the links above. These files are XML Update Sets. The following instructions will walk you through how to install these files.
To complete the following instructions, ensure you are logged in with [‘Admin’] role. Install these files after you have installed GuardRails or have updated GuardRails to the latest version on the instance.
GuardRails Requires cross scope access to applications in order to monitor and scan those applications. As a result, cross-scope access must be granted to GuardRails in order for the application to function. To grant access please follow these steps:
GuardRails Requires Table read access to tables, if the above debugging rules do not work, perform the following steps:
Sometimes, the cross-scope issue cannot be resolved because ServiceNow has a known error because of the access cache in the application node. There are two methods to resolve this:
OR run the script:
GlideTableManager.invalidateTable(“sys_update_version”);
GlideCacheManager.flushTable(“sys_update_version”);
For troubleshooting why a Pipeline Instance is not correctly building please check the following before reaching out to us directly:
**Pipelines can ONLY be run in a production instance. Pipelines should not be configured or run in a sub-production instance.**
This issue is caused by cross-scope issues. Please follow the GuardRails Debug troubleshooting steps in order to resolve. All cross-scope issues must be resolved before running a system scan.
© 2025 Dyna Software Inc. All Rights Reserved | Developed by NoloWeb