Automatically Add user/remove user from Specific Group

Ankita Gupte · ‎10-11-2024

What is best way to achieve below scenario:

Applicable only to active users if the Company is not ABC

If user has itil role then remove him to "Non-itil group"

If user does not have itil role then add him to "Non-itil group"

This should run on user record update/created

Eshwar Reddy · ‎10-11-2024

Create a After BR (Create and Update) on User table

Condition : Active is true and Company is not ABC
Script
var itilRole = 'itil';
var nonItilGroup = 'Non-itil group';

// Check if the user has the itil role
var userHasItilRole = current.hasRole(itilRole);

// Logic to add or remove the user from the Non-itil group
if (userHasItilRole) {
// Remove user from Non-itil group if they have itil role
var groupGr = new GlideRecord('sys_user_grmember');
groupGr.addQuery('user', current.sys_id);
groupGr.addQuery('group.name', nonItilGroup);
groupGr.query();
if (groupGr.next()) {
groupGr.deleteRecord(); // Remove from Non-itil group
}
} else {
// Add user to Non-itil group if they do not have itil role
var newGroupMember = new GlideRecord('sys_user_grmember');
newGroupMember.initialize();
newGroupMember.user = current.sys_id;
newGroupMember.group = new GlideRecord('sys_user_group').get('name', nonItilGroup).sys_id; // Get the group ID
newGroupMember.insert(); // Add to Non-itil group
}

Please mark this response as Correct and Helpful if it helps you can mark more that one reply as accepted solution

Thanks
Esh

Ankita Gupte · ‎10-14-2024

HI Eshwar,

Thank you for script.

I tried adding user in group having itil role but non itil group did not get removed.

Siddhesh Jadhav · ‎10-14-2024

Hi @Ankita Gupte,

To achieve the scenario where users are automatically added or removed from a specific group based on their role and company conditions, you can implement a business rule in ServiceNow. Here’s how to do it:

1. Configure the Business Rule:
Table: User [sys_user]
Active: Checked
When: Before
Insert: Checked
Update: Checked

2. Condition:
Use the following condition to ensure it only runs for active users whose company is not ABC:

current.active && current.company != 'ABC'

3. Script:
Add the following script in the Script section to handle adding/removing users from the "NonITIL group":

// Define the group sys_id for the Non-ITIL group
var nonItilGroupSysId = '<sys_id_of_non_itil_group>'; // Replace with the actual sys_id

// Check if the user has the itil role
var hasItilRole = current.hasRole('itil');

// Get the user's current group memberships
var grMembership = new GlideRecord('sys_user_grmember');
grMembership.addQuery('user', current.sys_id);
grMembership.addQuery('group', nonItilGroupSysId);
grMembership.query();

if (hasItilRole) {
    // If the user has the ITIL role, remove them from the Non-ITIL group
    if (grMembership.next()) {
        grMembership.deleteRecord(); // Remove user from the Non-ITIL group
    }
} else {
    // If the user does not have the ITIL role, add them to the Non-ITIL group
    if (!grMembership.next()) {
        var newMembership = new GlideRecord('sys_user_grmember');
        newMembership.initialize();
        newMembership.user = current.sys_id;
        newMembership.group = nonItilGroupSysId;
        newMembership.insert(); // Add user to the Non-ITIL group
    }
}

Explanation

- The script checks if the user has the itil role.

- If the user has the itil role, it removes them from the NonITIL group if they are a member.

- If the user does not have the itil role, it checks for membership in the NonITIL group and adds them if they are not already a member.

If this helps to solve your query, please mark it as accepted and helpful!

Thanks & Regards

Siddhesh Jadhav