Business rule script looking at roles users have

shanedavis · ‎01-31-2020

I have a design that I need scripting help please. On the Knowledge Base [kb_knowledge_base], when a Manger [kb_managers] adds one or more managers, I need a business rule that will determine if the user(s) being added only have the 'certification' role and, if so, stops submission and gives a message that the ServiceNow Access form needs completed for the user(s) listing their names in the message.

Thank you for any help that you can provide!

Michael Ritchie · ‎02-03-2020

Sure give the updated script a try, conditions stay the same. What it does is:

Loops through the kb_managers and compiles two lists now: 1 for users with certification role and one of names of users without
If there are invalid users, the error message will appear (which I updated slightly so feel free to edit)
If there are valid users with proper roles, it will update the kb_managers value to just those users, thus removing the invalid users
If there are no valid users, the update will abort and won't save.

(function executeRule(current, previous /*null when async*/) {
	
	var errorMessage = "The following user(s) were removed because rhe ServiceNow Access form needs completed: ";
	var validUsers = [];
	var invalidUserNames = [];
	var managerList = current.kb_managers.toString().split(",");
	for (var i = 0; i < managerList.length; i++) {
		// Search the User Role table for roles assigned to each manager.  Filtering out the "Certification" role.
		// If no additional roles are found, add the user's name to the invalidUserNames variable.
		// If user has valid roles, add them to the validUsers so the record can be updated
		var userRole = new GlideRecord("sys_user_has_role");
		userRole.addQuery("user", managerList[i]);
		userRole.addQuery("role", "!=", "ba4509c60a00070400cc0f3a60a0d30a"); //Certification
		userRole.query();
		if (!userRole.hasNext()) {
			var userRec = new GlideRecord("sys_user");
			userRec.get(managerList[i]);
			invalidUserNames.push(userRec.getDisplayValue());
		} else {
			validUsers.push(managerList[i]);
		}
	}
	
	// Present error message to user letting them know of users without proper roles.
	if (invalidUserNames.length > 0) {
		errorMessage += invalidUserNames.toString();
		gs.addErrorMessage(errorMessage);
	}
	
	// If users with valid roles have been found, set kb_managers to that list of users.  If none found abort save.
	if (validUsers.length > 0) {
		current.kb_managers = validUsers.toString();
	} else {
		current.setAbortAction(true);
	}

})(current, previous);

Please mark this post or any as helpful or the correct answer to your question if applicable so others viewing may benefit.

View solution in original post

Michael Ritchie · ‎02-21-2020

Shane, I am not able to reproduce this behavior. I have added and removed many users as a KB manager/owner. Could this be caused by the fact that one of the existing managers doesn't have the right roles? Remember this business rule runs when the managers list changes and validates all existing users so curious if one of the existing managers doesn't meet the criteria.

If not could you possibly give me steps to reproduce? I would need example users that are set as managers and what roles they currently have, etc.

shanedavis · ‎02-21-2020

Michael,

I moved the business rule to another non-prod instance and have the same issue with the same knowledge base. A brand new knowledge base did not have the issue so I turned your business rule off, removed the users from the kb that I've had an issue with, reactivated the business rule, and am testing. As soon as I am done, I'll let you know the results. To note, each user on the kb has the certification, knowledge, and knowledge_manager roles.

Shane

shanedavis · ‎02-21-2020

Michael,

I created a test knowledge base named "1Test" and performed the steps below. Where it says "success", the OOB and your script worked together correctly. Where it says "failure", it gave the error that I attached when notifying you of this issue. Basically, I can set an owner and 1 user, but am not allowed to add any users after that 1st user. At first, I thought this only to be an issue of removing persons. Note that all 6 users have the certification, knowledge, and knowledge_manager roles. User 5 also has itil and some other roles.

Added "Test User 1" as Owner
Removed all Managers from BS group
Add "Test User 1" as manager - success
Add "Test User 2" as manager - failure
Add "Test User 3" as manager - failure
Add "Test User 4" as manager - failure
Add "Test User 5" as manager - failure
Add "Test User 6" as manager - failure
Removed "Test User 1" as manager - success
No Managers exist now
Add "Test User 2" as manager - success
Add "Test User 3" as manager - failure
Add "Test User 4" as manager - failure
Add "Test User 5" as manager - failure
Add "Test User 6" as manager - failure
Remove "Test User 2" as manager - success
No Managers exist now
Add "Test User 5" as manager - success
Add "Test User 2" as manager - failure

Thank you,

Shane

Michael Jones - · ‎01-31-2020

That was a fast response and an excellent solution! The only thing I found (while trying to polish up my own solution) was that when I actually assigned the role "certification" to a user, they ended up with a second role automatically - cmdb_read. Maybe that's just in newer instances, but I thought it might be a consideration because in my own testing I was befuddled when it didn't work as expected, only to find the reason was my test users met the condition! They had a role other than certification!

If this was helpful, or correct, please be kind and remember to click appropriately!

Michael Jones - Proud member of the CloudPires team!

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!