How to remove roles from the inactive user records which is not associated with any groups..

Aditya1204 · ‎08-09-2024

we have ran the fix scripts to remove the inactive users from groups and roles table by using fix scripts.

Users are removed successfully from all their groups and their associated roles.

but when we tried to run the fix script to remove the users from "sys_user_has_role" table. its removed some roles from the users. but we still have some remained roles which is not removing from user records. (these roles are inherited = true ).

examples of roles:

cmdb_read, sn_cimaf.sn, cimaf_readsn_esm_user

Aditya1204 · ‎08-09-2024

this is the fix script:

var ar = new GlideRecord('sys_user_has_role');
ar.addEncodedQuery('---------------------------');
ar.setWorkflow(false);
ar.query();
while(ar.next()) {
ar.deleteRecord();
}

OlaN · ‎08-10-2024

And that's the issue right there.

By adding the .setWorkflow(false) to your script, you prevented additional business rules to trigger upon the deleting of records, leaving some stuff behind that should have been deleted when the sys_user_has_role records were deleted.

Aditya1204 · ‎08-12-2024

We have removed this line : ar.setWorkflow(false); and tried to run the fix scripts. still roles are not removing from the user

OlaN · ‎08-13-2024

No, I'm sorry, it's too late for that. The records have already deleted.

What you can try is to undo the deletion of the records that ran the first time you ran the script.

Then run the script again without the setWorkflow(false)