Can you create a dynamic group?

robpickering · ‎06-26-2014

Haven't really had a reason for this before, but can you create a dynamic group in ServiceNow based off of characteristics on a User record?

We have a custom field on the User records called "Is Manager". I'd like to have a group in ServiceNow that contains all of those people and adds or removes people dynamically from it.

If there isn't functionality OOB, would you just build a Business Rule that adds and removes people from the group based on changes to the user records?

jshatney · ‎06-26-2014

Agree with James.

Create a business rule on the sys_user table to check the flag that you have created for "Is Manager".

If the value is true, run a Glide query to check the group membership table (sys_user_grmember) to see if they user already exists. If not, create a new record.
If the value is false, run a Glide query (same as above) and remove the record if they exist in the table.

View solution in original post

poyntzj · ‎06-27-2014

Hi Rob, I know what you mean. It can get too unweidly

we took the decision to create new groups (typically done via EMC or powershell)

we process the following groups (filter on the LDAP import)

Any group that has the suffix ITSM as it will have process users in - may do approvals
Any group that has the suffix ITSM ApprGrp purely for approvals
Any group that has the suffix ITSM NotGrp purely for notifications.
we also import any group that has *itsops@ in the email address as these are local operational support groups (get tickets raise into Servicenow from our monitoring tools@)

When imported we assign them the relevant type (

We still create the groups and do the necessary work in Servicenow, but we have the manager and co mangers assigned to be whoever requested the group.

This way, we can tell the IT users who have access to the EMC to use that for maintenance, for business users are told how to use the ECP.

Keeps our admin down to a minimum

Cheers

robpickering · ‎06-30-2014

Julian, good ideas all, we may adopt them, though I was hoping to avoid adding even more groups to my AD environment, which have to be separately maintained.

That said, I see you have an approvals group. I also see you have process users. I was under the impression that only process users could perform approvals under that model, so wouldn't those groups have the same people in them?

poyntzj · ‎06-30-2014

Hi Rob.

Don't worry about the number of groups. the main concern is the users kerberos size - but even then you need to be a member of a lot of groups. (hundred +)

From our perspective it is much easier to create the odd group as needed and then let them control who is in them.

They are informed that anyone added to a plain ITSM group will cost per license.

Approvers do not need a license as far as I know.

We have a Post Implementation approval on all changes regardless of who requested it

On our change and request workflows we have all sorts of approvals - Business, Design, QA, Release, Local It, Line Manger, CFO, CIO, etc not all are process users.

For anyone who may need to be a "manual" approver we do have a seperate "Manual Approvers" group incase the user is not in any of the existing Approval Groups.