var referenceRole = 'itil' // reference role for cloning

var newRole = 'itil_dummy'; // new role to be cloned from reference role



var newRoleObj = new GlideRecord('sys_user_role'); // create a new role

   newRoleObj.initialize();

   newRoleObj.name = newRole;

var newRoleSysID = newRoleObj.insert();



var aclAndRole = new GlideRecord('sys_security_acl_role');   // find all the ACLs for reference role

   aclAndRole.addQuery('sys_user_role.name',referenceRole);

   aclAndRole.addQuery('sys_security_acl.active',true);

   aclAndRole.query();



while(aclAndRole.next()){


   gs.print(aclAndRole.sys_security_acl.name);

   gs.print(aclAndRole.sys_security_acl.advanced);

   gs.print(aclAndRole.sys_security_acl.script);

   gs.print(aclAndRole.sys_security_acl.condition);

     

   var newACLs = new GlideRecord('sys_security_acl');   

   newACLs.initialize(); // create new ACLs for new Role

   newACLs.name = aclAndRole.sys_security_acl.name;

   newACLs.advanced = aclAndRole.sys_security_acl.advanced;

   newACLs.condition = aclAndRole.sys_security_acl.condition;

   newACLs.script = aclAndRole.sys_security_acl.script;

   var newACLSysID = newACLs.insert();

     

   var newACLAndRole = new GlideRecord('sys_security_acl_role');   

   newACLAndRole.initialize(); // build a relation between new ACL and new Role so that new Role appears in related section for ACL

   newACLAndRole.sys_security_acl = newACLSysID;

   newACLAndRole.sys_user_role = newRoleSysID;

   newACLAndRole.insert();

}

Hi Mary,

As I said, I was trying this out in past and I left it in the middle due to some change in the requirement. However, I have modified the code which you can see above.

The design considerations are

1) Create a new role entry in sys_user_role table for dummy role , lets say "itil_dummy"

2) Find the "Associated ACLs" for existing role using sys_security_acl_role using "Reference" role lets say "itil".

3) Now, have new ACLs created for "itil_dummy" role using step 2. These ACLs will have same "Condition", "Script" fields as per the result got in step 2.

4) Create relation between new role and these new ACLs using m2m table "sys_security_acl_role".

Remember, you will have to test it thoroughly, i checked the above code in my dev instance it created new Role ITIL_dummy with ACLs associated with ITIL role with same condition, script fields. I have not taken in consideration other fields of ACL like "admin overrides", you can do that by adding a line in code snippet from line 27 to 29.

Also, this changes will not be captured in your update set since you are running this code as background script. Also one more thing, ACLs are performance maker or breaker, the lesser we have, the better it is. So please rethink again before making any decision.