How the records are created in sys_user_has_role table and "created by" field value in this table.

Jyoti Garg1
Tera Contributor

‎04-03-2023 02:52 AM

Hi all,

Thanks in advance for reply.

I has some queries related to sys_user_has_role table.

How I can know from which medium a record in created in sys_user_has_role table.

Like, do we use a group to assign a role to user, or run background script , business rule, through a custom SR, or directly assigned the role to user. Actually, we have a lots of records where "created by" is system and admin. but we do not have any user named as admin. Why records in this table are showing created by as system.

Any Help will be appreciated  

Thanks and Regards

Jyoti 

0 Helpfuls
  • 865 Views
4 REPLIES 4

Ahmmed Ali
Mega Sage

‎04-03-2023 05:31 AM

Hello @Jyoti Garg1 

 

The best practice would be to create groups, assign roles to group and then add user to group. Assigning roles directly to user will make the role management difficult.

 

The question about records being created by system/admin, I believe these should be part of upgrade or any other such activity. Example if ServiceNow creates new role of any new application and it is added to the itil role. 

Now when you upgrade, all the existing users who has itil role will inherit the new role which means creating records in sys_user_has_role table.

 

You instance might include some automation for assigning the roles to users which might be running with admin account. But above is what mostly the case as per my understanding.

 

Thank you,

Ali

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali

Jyoti Garg1
Tera Contributor

‎04-11-2023 06:56 AM

Hi @Ahmmed Ali

Thank you so much for the reply.

 

I have a requirement to know, how the record is created in sys_user_has_role table. By which medium the record is inserted in this table like through any fix script, any user has assigned role directly, by a group assignation user inherited role, by using custom SR, by background script.

I know we can you "inheritance map" field on sys_user_has_role, if the role is inherited from a group or by any another role.

But, this field value in blank is mostly cases. means either these role are assigned directly or by script or SR. How to find which person has created these entries by which medium.

Thanks

Jyoti

0 Helpfuls

Ahmmed Ali
Mega Sage

‎04-12-2023 01:18 AM

Hi @Jyoti Garg1 

 

I don't think OOTB we can find by which medium the role was added, just you can find who assigned those roles and when was it assigned, that too based on created and created by fields of sys_user_has_role record.

 

If any issue you are investigating, I would suggest to create a case with HI team with the question.

 

Thank you,

Ali

If I could help you with your Query then, please hit the Thumb Icon and mark my answer as Correct!!

Thank you,
Ali
0 Helpfuls

sushantmalsure
Mega Sage
Mega Sage

‎04-12-2023 01:30 AM

@Jyoti Garg1 So now you know what is the best practice to have role assigned to user (refer to comment of Ahmmed Ali).

But how are the records are created there will be business rule which does it and it varies case to case of role assignment. For eg: when there is a group which grants ITIL role then as soon as new member added to group there is a BR present on 'Group member' table which adds the role to user BR name : Group Member Add .

So business rule is creating records in sys_user_has_role table.

Now why mostly you see those records in table sys_user_has_role created by system or admin is because that created by changes when you upgrade / clone environment.

 

If my answer has helped with your question, please mark my answer as accepted solution and give a thumb up.
Regards,Sushant Malsure
0 Helpfuls