Part 5 - ‘Run As’ another user


In this series of blogs, I’ll explore some Blue Prism ‘hacks’ or tips I have accumulated over the years. Where possible I’ll acknowledge the developer or person who first enlightened me to the possibility of using Blue Prism this way. But first, a warning: a lot of these techniques are not supported or endorsed by Blue Prism or myself. Working ‘outside the box’ may cause unintended consequences to your object, process or environment. That said, I have seen all these used without any obvious adverse effects.

Summary: Use the Windows Run-As function to run Blue Prism as another user with different access rights than the currently logged in user.

In single sign-on AD environments, Blue Prism starts in the context of the currently logged in user. Normally this isn’t an issue, but in some cases you need a more creative approach. For instance, if you are logged in as a Runtime Resource (Robot) for testing and need to access Blue Prism functions that the robot account can’t - e.g. typically Runtime Resources can’t edit processes, but you’ll often need edit access to test or debug development correctly.

In these cases, you can use the Windows Run-As function to start Blue Prism as another user to get the access you require - but there is a trick to it.

Typically, you Shift+right-click in Windows to access the Run-As function. If you do this with the standard shortcut that Blue Prism creates, you won’t see the option. This is because of a restriction with this shortcut.

To work around this issue, just create a new shortcut from the Blue Prism program folder.

This will add another shortcut to the desktop. Now Shift+right-click this one and you’ll see the option to run as a different user. 

This doesn’t bypass any governance or auditing; it just allows you to use multiple users for Blue Prism under the same logged in account.

There are also use cases for this tip such as authenticating or running single sign-on applications using credentials from another AD forest (not currently supported by Blue Prism, even in forests that have trusts established).

This hack isn’t perfect, though. If you are running Blue Prism as a different user, accessing some functions (like connections to the Exchange server) may not work, as Blue Prism will use the context of the account logged into Blue Prism, not the account logged into Windows.

If you have any other tips or hacks let me know by leaving a comment below or through LinkedIn.

Author

Shayde Boryer

shayde.boryer@q4.co.nz

Executive Director

Q4 Associates

https://www.linkedin.com/in/shayde-boryer/

Comments

No posts found

Leave a comment