Business Rule based on user's roles not working when role is inherited from group
02-17-2020 05:50 PM
Hi all,
I have a requirement to grant users a custom list layout based on whether they have a certain role which I achieve by building the list in sys_ui_list and sys_ui_list_element (and delete the records once the role is removed from the user). My assumption to run the business rule on sys_user_has_role appears to be incorrect, because that only seems to trigger when I add the role manually to the user. What table do I need to refer this BR to in order to trigger on inherited roles?
The basics of the code are below; I replaced it with just an on-screen info message to conclude the above observation.
// Check if the user still has one of the special roles after that role was either inserted into or deleted from sys_user_has_role
var gr = new GlideRecord('sys_user_has_role');
gr.addQuery('user', current.user);
gr.addQuery('role.name', 'ENDSWITH', 'special');
gr.query();
if (gr.next()) {
    // create sys_ui_list and sys_ui_list_element records
} else {
    // delete all sys_ui_list and sys_ui_list_element records for the specific table for that user
}
Edit: I've tracked down the script that creates the user role once a user is added to a group: the script include RoleManager. Within that, the roles are indeed inserted into "sys_user_has_role". Does anyone have an idea why a business rule triggering on insert/deletion might not work?
Labels: Scripting and Coding

02-17-2020 06:45 PM
Hi,
Do you have any conditions set for the BR?
Is this a before BR?
You can look at using actions instead? Like:
if (current.operation() == "insert" && current.role == 'sys_id_of_role') {
For example...
Doing that helps move away from a GlideRecord query as you're already on that table with the BR anyway.
Please mark reply as Helpful/Correct, if applicable. Thanks!
02-17-2020 07:16 PM
Hi Allen,
I am using an after insert/delete BR with that role as the condition, but even if I remove the condition altogether it only runs on roles that I add to the user explicitly. It's almost as if the roles that are inherited aren't actually added to the table but stored in a "calculated" table.
My other solution, which I don't want to do, is to override the OOB script include "RoleManager" and move my code into a function which is called through there when it finds this role.
02-17-2020 07:20 PM
Is there any setWorkflow(false) condition in the RoleManager script that is stopping this business rule from starting?
02-17-2020 07:30 PM
No, there aren't. For reference, this is the location of the RoleManager script include:
https://<INSTANCE>.service-now.com/sys_script_include.do?sys_id=f47ff3677f00000100172c359d69e316
I've tested further and can confirm that the roles are definitely found in sys_user_has_role using a GlideRecord query, so now we're down to something blocking the BR from being run when a role is added to sys_user_has_role via inheritance instead of direct assignment.