How To Add A User To Multiple Groups via Script

Charlie Ward · ‎08-27-2015

I have a scenario where I need to frequently add users to multiple predefined groups. These groups have no roles assigned to them, but are used as "security" groups to allow viewing of certain "work order types" on our UI Page record producer. I think I have the right process started for what I want, but I'm not sure how to code it properly.

The reason I am in desperate need of this is because of employee turnover either by promotion or termination/quitting, I need to be able to click 1 box versus going into groups and then having to manually add them to 5 different groups.

Below is what I've done so far

1. Created a new True/False field to the User Table called "Authorized Requestor"

2. I created a Business Rule that when the "Authorized Requestor" box is True, then do such and such script

This is where I'm stuck. I'm still very new to coding and don't know what I'm needing to do. Also, I'm needing the script to reverse if "Authorized Requestor" is false/unchecked.

End Goal :

New Group Member

1. Go to User Record and find user

2. Check "Authorized Requestor" box and user gets added to the predetermined groups

Group Member Removal

1. Go to User Record

2. Check "Authorized Requestor" box and user gets removed from the predetermined groups.

Charlie Ward · ‎08-28-2015

Thijs, thank you for sending me in the right right direction with the coding. The code above didn't work to remove the users, but it put me on the right path.

I actually created two separate business rules, because I couldn't seem to accomplish in the same business rule which is fine with me. I'm just glad I got it working.

Here is what I did to solve my problem. I hope it maybe helps someone else having needing a similar solution.

I created a True/False Field on the User Table and called it Authorized Requestor
I created 2 business rules
- BR #1 Labeled : Authorized Requestor Box Checked = TRUE
  - Table - User [sys_user]
  - Active - Checked
  - When to Run
    - When - Before
    - Insert Box - Checked
    - Update Box - Checked
    - Filter Conditions
      - Authorized Requestor changes from false AND
      - Authorized Requestor changes to true
  - Actions
    - Advanced Box - Checked
  - Advanced
    - Script

function onBefore(current, previous) {




   var gm_evs = new GlideRecord('sys_user_grmember'); //This table is where the relationship between the groups and users is defined
   gm_evs.initialize();
   gm_evs.user = current.sys_id;
   gm_evs.group = 'group sys ID';//sys id of your group
   gm_evs.insert();
 
   var gm_pom = new GlideRecord('sys_user_grmember'); //This table is where the relationship between the groups and users is defined
   gm_pom.initialize();
   gm_pom.user = current.sys_id;
   gm_pom.group = 'group sys ID';//sys id of your group
   gm_pom.insert();
 
   var gm_sec = new GlideRecord('sys_user_grmember'); //This table is where the relationship between the groups and users is defined
   gm_sec.initialize();
   gm_sec.user = current.sys_id;
   gm_sec.group = 'group sys ID';//sys id of your group
   gm_sec.insert();
 
   var gm_sign = new GlideRecord('sys_user_grmember'); //This table is where the relationship between the groups and users is defined
   gm_sign.initialize();
   gm_sign.user = current.sys_id;
   gm_sign.group = 'group sys ID';//sys id of your group
   gm_sign.insert();
 
   gs.addInfoMessage("Any Message To Be Displayed At Top of Form");
}

BR #2 Labeled : Authorized Requestor Box Checked = False
- Table - User [sys_user]
- Active - Checked
- When to Run
  - When - Before
  - Insert Box - Checked
  - Update Box - Checked
  - Filter Conditions
    - Authorized Requestor changes from true AND
    - Authorized Requestor changes to false
- Actions
  - Advanced Box - Checked
- Advanced
  - Script

function onBefore(current, previous) {


   //This function will be automatically called when this rule is processed.




   RemoveFromGroups();




   function RemoveFromGroups() {


   var grMember = new GlideRecord('sys_user_grmember');


   grMember.addQuery('user', current.sys_id);


   grMember.query();


   var gc = grMember.addQuery('sys_id','your group sys id');


   gc.addOrCondition('sys_id','your group sys id');


   gc.addOrCondition('sys_id','your group sys id');


   gc.addOrConadition('sys_id','your group sys id');


   gc.query();




   // For each ServiceNow group, delete the membership.


   while (grMember.next()) {


   grMember.deleteRecord();


   }


   }


   gs.addInfoMessage("Any Message To Be Displayed At Top of Form");


}

Now when I go to the User Table and I can click on the Authorized Requestor box and click Save, the user gets added to the groups if the box is checked and are removed from the groups if the box is unchecked.

Thank you Tony and Thijs for pointing me in the right direction. I LOVE THE SN COMMUNITY!

View solution in original post

tonyshabani · ‎08-27-2015

If I understand correctly when you select this check box on the user and hit save, you'd like the groups to be added? You're on the right track with a business rule. Make it an after update/insert business rule with an advanced script on the user table along the lines of this:

var gm = new GlideRecord('sys_user_grmember'); //This table is where the relationship between the groups and users is defined


gm.initialize();


gm.user = current.sys_id;


gm.group = //sys id of your group;


gm.insert();

Also, on your condition for the business rule you want to filter if your field that you've added to the user table is check marked. Repeat the above code for each group you are adding. This will add the relationship between the group and user, thus adding the user to said groups. Please let me know if you have any more questions.

Regards,

Tony

Charlie Ward · ‎08-27-2015

Tony, thank you for the code. It works perfect for adding the users to the group. However, how do I make it so that if the Authorized Requestor Box is False or Unchecked to remove the users from the groups?

Thijs Daemen · ‎08-27-2015

Hi Charlie,

You might want to look into GlideRecord - ServiceNow Wiki on the wiki.

setup you business rule with the condition Authorized Requestor Changes. Scripted condition: current.u_authorized_requestor.changes()

Removal or adding of a record would be something along the lines of

if(current.u_authorized_requestor == 'false') {//assuming this is the name of the new field


         var gr = new GlideRecord('sys_user_grmember');


         var gc = gr.addQuery('group','<enter sys_id group1>');//use field 'user' with current.sys_id to remove everything of the current user


         gc.addOrCondition('group','<enter sys_id group2>');


         gc.addOrCondition('group','<enter sys_id group3>');


         gr.deleteMultiple();


} else {


         var gm = new GlideRecord('sys_user_grmember'); //This table is where the relationship between the groups and users is defined   


         gm.initialize();   


         gm.user = current.sys_id;   


         gm.group = //sys id of your group;   


         gm.insert();


         //repeat for other groups


}

This is by no means the most effective or scalable way of doing this. Normally you would extract the list of groups from a table or other place in the system. You could create a loop around the code to automatically add or remove all the groups based on this table/list. It would save you the trouble of having to update the business rule if your groups change (adding new groups, removing groups).

edit: corrected an error in the code. Should have used the field group instead sys_id in the query.

Charlie Ward · ‎08-28-2015

Can one of you tell me how you put code in one of these messages for it to be automatically formatted like your codes are above? As you can see with my previous post, I couldn't figure out how to make my code look pretty and easier to read.