ServiceNow Administration

vidyajadhav · ‎06-24-2025

How to get the roles details which are not in use Or want such list of roles in which any groups or users are not added

Chaitanya ILCR · ‎06-24-2025

var rolesList =[];

var roleGr = new GlideRecord("sys_user_role");
roleGr.query();
while (roleGr.next()) {
    var urGr = new GlideRecord('sys_user_has_role');
    urGr.addEncodedQuery('role=' + roleGr.getUniqueValue());
    urGr.query();
    var grpRGr = new GlideRecord('sys_group_has_role');
    grpRGr.addEncodedQuery('role=' + roleGr.getUniqueValue());
    grpRGr.query();
    if (!urGr.hasNext() && !grpRGr.hasNext()) {
        rolesList.push(roleGr.getValue('name'));
    }
}
gs.info(rolesList.join())

you can run this script in the background script to see the list of unused roles

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

View solution in original post

Community Alums · ‎06-24-2025

Hi Vidya,

Please find the below code to find out the roles:

// Collect roles with no group assignment
var rolesNoGroup = [];
var rg = new GlideRecord('sys_user_role');
rg.query();
while (rg.next()) {
  var grGroupHas = new GlideRecord('sys_group_has_role');
  grGroupHas.addQuery('role', rg.sys_id);
  grGroupHas.query();
  if (!grGroupHas.next()) {
    rolesNoGroup.push(rg.sys_id.toString());
  }
}

// Collect roles with no user assignment
var rolesNoUser = [];
var ru = new GlideRecord('sys_user_role');
ru.query();
while (ru.next()) {
  var grUserHas = new GlideRecord('sys_user_has_role');
  grUserHas.addQuery('role', ru.sys_id);
  grUserHas.query();
  if (!grUserHas.next()) {
    rolesNoUser.push(ru.sys_id.toString());
  }
}

// Identify roles neither in a group nor used by any user
var unusedRoles = [];
for (var i = 0; i < rolesNoGroup.length; i++) {
  var id = rolesNoGroup[i];
  if (rolesNoUser.indexOf(id) !== -1) {
    var rol = new GlideRecord('sys_user_role');
    if (rol.get(id)) {
      gs.info('Unused Role: ' + rol.name);
      unusedRoles.push(rol.name.toString());
    }
  }
}
gs.info('Total unused roles found: ' + unusedRoles.length);

Please let me know if you need anything else.

Please mark the response as helpful/correct if it helps.

Best Regards,
Brahmjeet

vidyajadhav · ‎06-24-2025

getting the below error in code. should i mention any role name which does not have any group or user added


Script execution error: Script Identifier: null.null.script, Error Description: "rolesNoGroup" is not defined., Script ES Level: 0
Evaluator: com.glide.script.RhinoEcmaError: "rolesNoGroup" is not defined.
   script : Line(2) column(0)
      1: var unusedRoles = [];
==>   2: for (var i = 0; i < rolesNoGroup.length; i++) {
      3:   var id = rolesNoGroup[i];
      4:   if (rolesNoUser.indexOf(id) !== -1) {
      5:     var rol = new GlideRecord('sys_user_role');
 Stack trace:
	at null.null.script:2

Chaitanya ILCR · ‎06-24-2025

Hi @vidyajadhav ,

var rolesList =[];

var roleGr = new GlideRecord("sys_user_role");
roleGr.query();
while (roleGr.next()) {
    var urGr = new GlideRecord('sys_user_has_role');
    urGr.addEncodedQuery('role=' + roleGr.getUniqueValue());
    urGr.query();
    var grpRGr = new GlideRecord('sys_group_has_role');
    grpRGr.addEncodedQuery('role=' + roleGr.getUniqueValue());
    grpRGr.query();
    if (!urGr.hasNext() && !grpRGr.hasNext()) {
        rolesList.push(roleGr.getValue('name'));
    }
}
gs.info(rolesList.join())

you can run this script in the background script to see the list of unused roles

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

vidyajadhav · ‎06-24-2025

Hi Chaitanya,

Thank you so much it worked.