Automating role and group removal

Phil O_shea
Mega Contributor

Hello Team,

I have been working on this today based on a current manual task I undertake weekly which is tedious.

I have found lots of scripts that do similar things to what I need but not quite what I am after.

I would like to run a scheduled task to run weekly or business rule for a few scenarios.

1. to remove roles and group membership from an inactive user after 7 days.

        This would include a note in a variable on the users record called 'u_notes' of the 'roles' that have been revoked.

2. to remove 'itil' role based on 90 days from last_logon_time with exception of specific users, e.g. our 'vip = true' users (our CEO or bookies).

3. Expired (or expiring) itil Licences for itil to fire off a notification ((TAB) ITIL Licence Expiry Reminder) 2 weeks before expiry and on expiry ((TAB) ITIL Licence Expiry).

        The expiry email will be fired after the role has been removed.

Note: I don't want to delete the user record from within the group or roles, just remove them (keep the user record intact).

Any help or guidance is greatly appreciated.

9 REPLIES

Awesome!! Happy to help.


Please mark 'Answered' or 'Helpful' if your question is now answered/resolved.






Raghu Loganatha
Kilo Guru

This script will work for your second requirement, please test this as I haven't tested this script. FYI, the previous script will also delete the "ITIL" role. If you don't want that to happen then please add an exemption to ignore the ITIL role in the query.




var usr = new GlideRecord('sys_user');
// Non-VIP users whose last login is more than 90 days ago
usr.addEncodedQuery('last_login<javascript:gs.daysAgoStart(90)^vip=false');
usr.query();
while (usr.next()) {
    // Remove the ITIL role from this user
    var role = new GlideRecord('sys_user_has_role');
    role.addQuery('user', usr.sys_id);
    // Restrict the delete to the ITIL role record only
    role.addEncodedQuery('role=282bf1fac6112285017366cb5f867469');
    role.deleteMultiple();
}



Please mark "Helpful" or "Answered" if this answers your question.


Raghu Loganatha
Kilo Guru

Can you explain the third requirement with context please?


3. Expired (or expiring) itil Licences for itil to fire off a notification ((TAB) ITIL Licence Expiry Reminder) 2 weeks before expiry and on expiry ((TAB) ITIL Licence Expiry).


        The expiry email will be fired after the role has been removed.



Hi Raghu,



Clarification: so we set a 1 year license expiry for most users, I would like to set up a reminder notification based on the variable 'u_access_expiry' 14 days out from set expiry.


Once expired, the role is removed and another notification is sent advising the user that this has happened.


Got it, you can write a scheduled job to run every day and query all the records where the condition says 'u_access_expiry is 14 days from now' and then trigger an event.


Create a notification which can be triggered by the above event. I won't be able to give you the script at this moment as I don't have access to the system. Will be back in a couple of hours and I'll update.




Sent from Yahoo Mail for iPhone
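
The three rules discussed in this thread, as an added example that is not any poster's script: a dry-run planner in plain JavaScript that works out which users would lose roles and which notifications would be queued, so the selection can be reviewed before a scheduled job runs deleteMultiple(). The field inactive_since, the roles/groups arrays, the action names and the sample records are assumptions made for the example.

```javascript
// Dry-run planner for the thread's three rules: returns a plan, changes nothing.
// active, vip, last_login_time, u_access_expiry and u_notes are named in the
// thread; inactive_since and the roles/groups arrays are assumed record fields.
const DAY_MS = 24 * 60 * 60 * 1000;
const daysBetween = (from, to) => Math.floor((to - from) / DAY_MS);

function planAccessActions(users, now) {
  const plan = [];
  const add = (u, action, extra) => plan.push({ user: u.user_name, action, ...extra });
  const age = (t) => daysBetween(t, now);
  for (const u of users) {
    if (!u.active) {
      // Rule 1: inactive for 7+ days, revoke all roles and groups, note the roles.
      if (age(u.inactive_since) >= 7 && u.roles.length + u.groups.length > 0) {
        add(u, 'revoke_all', { u_notes: 'Roles revoked: ' + u.roles.join(', ') });
      }
    } else if (!u.roles.includes('itil')) {
      continue; // rules 2 and 3 only concern itil holders
    } else if (u.u_access_expiry && u.u_access_expiry <= now) {
      // Rule 3: licence expired, remove itil and then send the expiry mail.
      add(u, 'remove_itil', { notify: '(TAB) ITIL Licence Expiry' });
    } else if (!u.vip && !u.last_login_time) {
      // An empty login date never matches a "90 days ago" filter: queue for review.
      add(u, 'review_never_logged_in');
    } else if (!u.vip && age(u.last_login_time) >= 90) {
      // Rule 2: no login for 90+ days and not a VIP.
      add(u, 'remove_itil');
    } else if (u.u_access_expiry && daysBetween(now, u.u_access_expiry) === 14) {
      // Rule 3: reminder 14 days before expiry (job assumed to run daily).
      add(u, 'remind', { notify: '(TAB) ITIL Licence Expiry Reminder' });
    }
  }
  return plan;
}

// Constructed sample records (not real users) and a fixed "today".
const NOW = new Date('2024-06-15T00:00:00Z');
const d = (s) => new Date(s + 'T00:00:00Z');
const user = (user_name, o) => ({ user_name, active: true, vip: false, roles: ['itil'], groups: [], ...o });
const SAMPLE = [
  user('left.firm', { active: false, inactive_since: d('2024-06-01'), roles: ['itil', 'approver_user'] }),
  user('just.left', { active: false, inactive_since: d('2024-06-12') }),
  user('stale.agent', { last_login_time: d('2024-02-01'), u_access_expiry: d('2025-01-01') }),
  user('ceo', { vip: true, last_login_time: d('2024-01-01'), u_access_expiry: d('2025-01-01') }),
  user('expiring', { last_login_time: d('2024-06-10'), u_access_expiry: d('2024-06-29') }),
  user('expired', { last_login_time: d('2024-06-10'), u_access_expiry: d('2024-06-14') }),
  user('never.in', { u_access_expiry: d('2025-01-01') }),
];
console.log(planAccessActions(SAMPLE, NOW));
```

In a scheduled job the plan entries would be built from sys_user records and logged first, with the deletes and events applied only after the list looks right.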