Granting approver_user role

pathat · ‎06-15-2015

Hello.

I have a system where users are being provisioned an account in ServiceNow (via the API) and I would like to give any new user that is a manager the approver_user role so that he can approve a request made by a user for whom is the manager. I have an approval workflow that adds the requesting user's manager to the list of approvers. How can I automate this upon user creation?

pathat · ‎06-23-2015

Hi.

I am not using an LDAP import to import new users: a user is provisioned from an external system using the API.

I think I can use the script you provided in a business rule attached to the sys_user table, which will be triggered on an insert or update of a user. I want to make sure I understand the script you provided:

1. It queries the sys_user_has_role table and retrieves the record for the manager of the user (which I assume is what the target object is?) to be inserted/updated;

2. If this record (the user's manager) already has the approval_user role, the rule is ignored;

3. However if the record does not have the approval_user role, it is added to the record

Did I get it right?

PS. Why does the syntax for adding the role say setDisplayValue? I find it a bit odd syntax for adding a role...

****************

UPDATE:

Thx for everybody's help. I developed and tested the following script which does the job:

// This function will be automatically called when this rule is processed.

function onAfter(current, previous) {

var roleName = 'approver_user';

try {

gs.addInfoMessage("DMSSP rule: executing my new rule");

// Check if manager field is filled

if (current.manager == '' || current.manager == null || typeof(current.manager) == undefined) {

gs.addInfoMessage("DMSSP rule: this user does not have a manager so exit the rule");

return;

}

gs.addInfoMessage("DMSSP rule: current.manager ID = " + current.manager);

var ourUser = gs.getUser();

ourUser = ourUser.getUserByID(current.manager);

gs.addInfoMessage("DMSSP rule: First Name = " + ourUser.getFirstName());

gs.addInfoMessage("DMSSP rule: Last Name = " + ourUser.getLastName());

gs.addInfoMessage("DMSSP rule: Display Name = " + ourUser.getDisplayName());

var role = new GlideRecord('sys_user_has_role');

role.addQuery('user', current.manager);

role.addQuery('role.name', roleName);

role.query();

if (role.next()) {

ignore='true';

gs.addInfoMessage("DMSSP rule: Manager already has the role, so ignore the rule!");

}

else {

gs.addInfoMessage("DMSSP rule: Manager does not have the role, so assign it now!");

role.initialize();

role.user = current.manager;

role.setDisplayValue('role', roleName);

role.insert();

}

} catch(ex) {

gs.addInfoMessage("DMSSP rule: Error in script: " + ex);

}

View solution in original post

pathat · ‎06-23-2015

Thank you Venkat! I'll research this LDAP transform map.

You guys are great!

pathat · ‎06-23-2015

Hi Benny. Ok I see where I can create a business rule on any table, and even add a custom script (click on Advanced) like the one shown in Michael's reply above. One thing left to figure out: how/what script logic can I use to determine if the user to be inserted/updated is a manager of another: Thoughts on this? In the meantime, I'll continue my research.

venkat2 · ‎06-23-2015

Hi

The transform script will take care of the condition as it will run for every user load.

pathat · ‎06-23-2015

Hi.