How to get list of user who have only ITIL role?

Santosh Kallim1
Giga Contributor

‎05-26-2020 07:41 AM

Hello Experts,

 

I have 20K user's, there multiple roles added to each user's

There are some user's, only have ITIL role, there are no roles added to these users except ITIL, so I need to get the count of those users and sys_id through scripting, 

 

can anybody help me please? 

Labels:
0 Helpfuls
  • 6,516 Views
15 REPLIES 15

Santosh Kallim1
Giga Contributor
In response to Akash Gurram1

‎05-26-2020 09:37 AM

It still return the overall count ..

0 Helpfuls

Christian_
Tera Guru

‎05-26-2020 09:47 AM

Hello,

Have you checked this one :  Server-side "hasRoleExactly" in ServiceNow

You could incorporate this into your check.

0 Helpfuls

DScroggins
Kilo Sage

‎05-26-2020 10:38 AM

Here this script will get list of users with only ITIL role. It will NOT get back users who have ITIL & snc_internal. The script can be updated to get those users as well if needed. This has been tested and provides the expected output:

var users = [];
var gr = new GlideAggregate('sys_user_has_role'); 
gr.addAggregate('count','role');
gr.groupBy('user');
gr.query();
while(gr.next()){
    var count = gr.getAggregate('count','role');
    if(count == 1){
        var r = new GlideRecord('sys_user_has_role');
        r.addQuery('role','282bf1fac6112285017366cb5f867469');
        r.addQuery('user', gr.user);
        r.query();
        while(r.next()){			
	        users.push(r.user.toString());
        }      
     
    }	   
  
}

gs.print("Total users with only ITIL role: "+users.length);
gs.print("List of Sys IDs:");

for(i in users){
	gs.print(users[i]);
}

 

Hope this helps.

--David

DirkRedeker
Mega Sage

‎05-26-2020 12:29 PM

Hi

After all the scripts that have been submitted here, and still there seems not to be the result that you expect, maybe you are looking to the data in a wrong way.

A user can not have JUST the ITIL role. As soon as you assignb the ITIL Role, a bunch of other roles are assigned as inherited roles as well - I am not sure, if you are aware about that.

See the following screenshot:

To this user, I just added the ITIL Role (having an empty field in the columns "inheritance Count". All the other Roles are assigned based on the ITIL Role (Roles that are childs of the ITIL ROle).

find_real_file.png

Having that in mind, can you re-check the scripts from the other Community members, and let me know if the result is correct or still wrong?

Thanks for letting me know.

BR

Dirk

Preview file
112 KB
0 Helpfuls

Bhujangi Gawal1
Tera Contributor

‎12-19-2022 05:05 AM

Please create an automation for the below, Use your PDI or dev machine.

Generate a list report of all the users per domain, having itil roles in last 30 days.

User, role, state, granted date, granted by, revoked date, revoked by.

Schedule the report to be sent every 1st of the month

0 Helpfuls