How to remove roles from the inactive user records which is not associated with any groups..

Aditya1204 · ‎08-09-2024

we have ran the fix scripts to remove the inactive users from groups and roles table by using fix scripts.

Users are removed successfully from all their groups and their associated roles.

but when we tried to run the fix script to remove the users from "sys_user_has_role" table. its removed some roles from the users. but we still have some remained roles which is not removing from user records. (these roles are inherited = true ).

examples of roles:

cmdb_read, sn_cimaf.sn, cimaf_readsn_esm_user

OlaN · ‎08-09-2024

Hi,

Inherited roles mean the user was granted the role by another role. Removing the parent role should remove all the inherited roles also.

Why did you script this, and not go through the user interface, and remove the groups manually ?

Normally when a user is removed from a group, the roles granted to the group will be removed automatically. Did you use .setWorkFlow(false) in your script when updating the records?

Aditya1204 · ‎08-09-2024

We ran the fix scripts for inactive users records which needs to be removed from groups and roles.

so all groups and their associated roles are being removed but we found that some users are still having roles from sys_has_roles table.

OlaN · ‎08-09-2024

Yes, but this is not really answering my questions.. 😀

HIROSHI SATOH · ‎08-09-2024

Can you tell us which script you ran?