« Back to blog

Do Scheduled Reports run under inactive users?

March 2, 2025

Are you sure you know how Scheduled Reports behave when their original scheduler leaves your organization?

Is the data still leaving the platform?

Or is the deactivation of her account enough to stop data from being sent out?

Or is removal of all the roles needed?

Do we need to clean them up in some way?

I was not 100% sure myself and ServiceNow Documentation did not answer it completely for me either. This is what docs say “Data may not appear on reports created by an individual whose user account is deactivated. To ensure that the desired data appears, an active user must recreate the scheduled report.”.

To answer these questions, I tested it myself. I decided to share my findings in case they help anyone. I know this article is no longer relevant for those on “Platform Analytics”. I might conduct a similar test for “Platform Analytics” in future.

How did I test it?

A scheduled report is executed under user account that is tracked in "Run as" field. This field might not be on the form, but it is automatically populated by the user who created the Scheduled Report. Users with "report_scheduler" can't modify this value, while system administrators can.

I conducted my tests on Yokohama PDI using “ITIL User” and setting up a simple report on “incident” table. I have scheduled the report with “Run as” to be the “ITIL User” and to be sent every minute. I conducted the tests on List report and then on Donut report type.

Then I modified the “Run as” user (e.g., deactivating it, removing roles, locking it out) and checked how the email sent looked like (did it contain the data or not?).

Example of Scheduled Report with inactive Run as user

Be aware that these tests are limited and not a bulletproof assessment. Therefore, if you plan to take concrete actions based on this, ensure to re-test on your own instance as for different versions it could behave differently.

What were the results?

I have captured the results in a table tracking what I have seen happening for “List” and “Donut” report types based on the setup of “Run as” user.

Table: What happens if Scheduled Report run under different Run as user.

So, to answer the questions posed at the beginning of this article:

  • Is deactivation of her account enough to stop sending data out of the platform?
    • No, deactivation of the user account does not stop Scheduled Reports of that user.
  • Is removal of all roles needed as well?
    • Yes, removal of roles would probably stop sending out data (not the email) as “Report View ACLs” won’t be met typically. But there are some edge cases and you need to have proper “Report View ACLs” configured.
  • Do we need to clean them up in some way?
    • I would say yes.

What are the interesting findings?

  • Deactivation or locking out a user does not stop data from going out of the platform. Depending on our data governance, we might want to take further actions and deactivate such Scheduled Reports where “Run as” is inactive.
  • If “Run as” user has empty “User ID” field value, the Scheduled Report runs under “system” which means it meets all ACLs that might not have been met by the user. We might want to review such Scheduled Reports to see if they are not against our data governance.
  • Also, notice that Emails are sent in all the cases above. Maybe we are sending a lot of unnecessary emails for reports scheduled several years ago without any valid content.

What do I take out of it?

Besides having proper governance around Scheduled Reports, defining who should be allowed to use them and who is a valid recipient (internal users vs. external emails), I would consider to:

  • Review your existing Scheduled Reports where “Run as” is inactive, or having empty “User ID” and decide on deactivating them or changing the “Run as”.
  • Define a process for ongoing maintenance. Do we remove roles from deactivated users automatically? Or do we automatically deactivate Scheduled Reports when “Run as” is deactivated?

Many times when Scheduled Reports are configured by system admins, the “Run as” is set to “System Administrator” user. While this is valid approach, in my opinion it does not remove from us the task of reviewing these Scheduled Reports on regular basis. Are they still supposed to be sent 5 years later? Who owns them? Are all the recipients still supposed to receive the data and who is checking this?

Bonus: Do you want to find easily emails sent by a scheduled report? Check out my simple UI action that adds a link to the Scheduled Report form "Show Emails". Ensure to test first in non-production, align it to your company scripting standards, use at your own risk.

Are you in ServiceNow reporting? Check out also my 3 tips to enhance reporting security.