Clone - Cleanup Scripts to give admin role to a group after clone on target instances

CV1
Tera Contributor

Hi Everyone,

We have a Group "Group Dev Admin" with users added. We want to give this group the admin role on target instances (Dev/UAT) after the clone.

Put the following code in post clone script.

if (instanceName == 'dev' || instanceName == 'uat') {
    var groupName = 'ADMIN Dev';
    var addDEVAdminRoleToGroup = new GlideRecord('sys_user_group');
    addDEVAdminRoleToGroup.addQuery('name', groupName);
    addDEVAdminRoleToGroup.query();
    while (addDEVAdminRoleToGroup.next()) {
        var roleDEVAdminGroup = new GlideRecord('sys_group_has_role');
        roleDEVAdminGroup.initialize();
        roleDEVAdminGroup.group = addDEVAdminRoleToGroup.sys_id;
        roleDEVAdminGroup.role = '2831a114c611228501d487969d626d';
        roleDEVAdminGroup.insert();
    }
}
 
This is not working and we are having to give admin roles on non-prod manually.
Please advise.
TIA
4 REPLIES

ersureshbe
Giga Sage

Hi, maybe you can use a 'Background script' once the clone is completed. You can run your code in a background script and enable the privilege for your required group.

 

Regards,
Suresh.

TLDR: assign the admin role to a group manually and then let it not be cloned over ever again (point 3)...

  1. First option is to grant the roles by script.
    Perhaps a fix script or scheduled job would be better than a background script in terms of maintaining the code in the future; both of these scripts can be executed manually on demand.
  2. Or you can have the group in the Source environment (PROD) and import it via XML after the clone is done (filter and export the desired data in the following tables: Group [sys_user_group], Group Roles [sys_group_has_role], and Group Members [sys_user_grmember]).
  3. Another option is to make an exception from being cloned over. There are two options: Exclude tables [clone_data_exclude] (you will select tables that will not be cloned from the source env), and/or the Data Preservers [clone_data_preserver], where you can select a table, give it some conditions, and this particular set of data will remain untouched...



Dipu Joy
ServiceNow Employee

I do not think the roles in sys_group_has_role are cascaded to users unless a UI update triggers the business rules (role inheritance).

It would be good if you could read the users in the group and update the admin to individual users on sys_user_has_role, which should solve the issue.

Also, please ensure the admin sys_user_role sys_id is the same across all instances.
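
One way to implement the per-user grant suggested in the reply above, as an added example that is not part of the thread and not ServiceNow's own code: it resolves the admin role by name instead of a hard-coded sys_id, refuses to run outside the listed instances, skips users who already hold the role, and logs each grant. The instance names, the group name 'Group Dev Admin' and the function name are assumptions.

```javascript
// Added example (not from the thread). GlideRecord and gs are ServiceNow
// server-side APIs; they are passed in so the logic can be tested elsewhere.
var ALLOWED_INSTANCES = ['dev', 'uat']; // assumption: your instance_name values

function grantRoleToGroupMembers(GR, instanceName, groupName, roleName, log) {
    // Refuse to run anywhere except the listed sub-production instances.
    if (ALLOWED_INSTANCES.indexOf(String(instanceName).toLowerCase()) === -1) {
        return { granted: 0, skipped: 0, reason: 'instance not allowed' };
    }
    // Resolve the role by name so a wrong or instance-specific sys_id cannot slip in.
    var role = new GR('sys_user_role');
    if (!role.get('name', roleName)) {
        return { granted: 0, skipped: 0, reason: 'role not found' };
    }
    var group = new GR('sys_user_group');
    if (!group.get('name', groupName)) {
        return { granted: 0, skipped: 0, reason: 'group not found' };
    }
    var result = { granted: 0, skipped: 0, reason: 'ok' };
    var member = new GR('sys_user_grmember');
    member.addQuery('group', group.getUniqueValue());
    member.query();
    while (member.next()) {
        var userId = member.getValue('user');
        // Idempotent: skip users who already hold the role.
        var existing = new GR('sys_user_has_role');
        existing.addQuery('user', userId);
        existing.addQuery('role', role.getUniqueValue());
        existing.query();
        if (existing.next()) { result.skipped++; continue; }
        var grant = new GR('sys_user_has_role');
        grant.initialize();
        grant.setValue('user', userId);
        grant.setValue('role', role.getUniqueValue());
        grant.insert();
        result.granted++;
        log('Post-clone grant: role ' + roleName + ' -> user ' + userId);
    }
    return result;
}

// Runs only inside ServiceNow, where GlideRecord and gs are defined.
if (typeof GlideRecord !== 'undefined' && typeof gs !== 'undefined') {
    grantRoleToGroupMembers(GlideRecord, gs.getProperty('instance_name'),
        'Group Dev Admin', 'admin', function (m) { gs.info(m); });
}
```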

 

 

CV1
Tera Contributor

Can we create a flow to add the roles to the users list and call that in the cleanup script?