isMemberOf(): How do I use this when trying to find if any user, (i.e., NOT the user currently logged in), is a member of a specific group?

Go to solution
shawnclune
ServiceNow Employee
ServiceNow Employee

‎03-22-2021 07:07 AM

BACKGROUND:

A client is adding members to one (or all) of three (3) groups.  If the user is a member of any of the groups, they are then considered a VIP user and the VIP "flag" on their user record should be set to "True".

Likewise, when a user is no longer a member of the three (3) groups, the VIP "flag" on their user record should be set to "False".

The client realizes that this should be done in AD and simply 'carried forward' into the LDAP import (transform) and set up that way, but for now, they are not utilizing any field in AD to consistently indicate a user as having VIP status.

 

SOLUTION:

I have created a simple FLOW using Flow Designer to accomplish the first half - setting the VIP "Flag" to true on a User's record when they are added to any one of the three (3) groups.

Trigger = Record created on the [sys_user_grmember] table.

Actions = Set the VIP field on the user's [sys_user] record to "True"

NOTE:

It just occurred to me that I have ONLY tested the FLOW when I manually add a user to one of the three VIP groups.  I have NOT tested the FLOW after the LDAP import has run and pulled a user into one of the three VIP groups.

 

I could not figure out how to do the second part using Flow Designer ... and no-code.

 

I am struggling with the second part - setting the VIP "Flag" to false on the User's record when they have been removed from all three (3) of the groups.

 

RESEARCH/ATTEMPTS:

I have researched using 'isMemberOf()', but it appears that this will ONLY work for the user who is currently logged in.

Is that true?

 

I want to be able to do something like this (using text only):

  1. Query all of the User Records where the VIP field = TRUE
  2. Then (While), using the results of the query above, check to see if the user is a member of one of the three (3) groups
    • (here's where I think the script will start to fail if I use isMemberOf)
  3. If the user is still a member of any one of the three (3) groups, do nothing
  4. If the user is NOT a member of one of the three groups, set the VIP field for that user = FALSE.

 

Also, how should this be run?

  • As a Business Rule?  If so, when?
  • As a Scheduled Job?  If so, would you run it daily after the LDAP import runs?

 

Ultimately, I would like it to be part of the LDAP import.

Ultimately Ultimately (squared) ... I would like BOTH parts, (i.e., setting the VIP field to TRUE or FALSE to be part of one 'script').

Ultimately Ultimately Ultimately (cubed):

I would like this whole topic to be a new series for Chuck and Dave to talk about ... where one could examine concepts like:

    • Should we even attack the issue this way, (i.e., using isMemberOf or should we create a new role called something like "orgname_vip" and instead use the "hasRole" approach?), or
    • Should we create a new group type value called "VIP" and use that approach, or
    • Is there the opportunity to do something clever by creating a ScriptInclude?

Thoughts?  Advice?  Guidance?

 
Labels:
0 Helpfuls
  • 4,592 Views
1 ACCEPTED SOLUTION

Go to solution
Appli
Mega Sage
Mega Sage

‎03-22-2021 10:15 AM

Hi, may be you can use the logic in flow, please check in Staging environment.

Hope it helps

 

Assuming LDAP load is scheduled at 18:30, you can trigger a flow at 19:00

Step 5 - set VIP as false, Step 7 - Set VIP as true

 

find_real_file.png

 

How 7 looks like (just for the reference):

find_real_file.png

Hope it helps

View solution in original post

Preview file
66 KB
Preview file
20 KB
Preview file
99 KB
0 Helpfuls
13 REPLIES 13

Go to solution
Appli
Mega Sage
Mega Sage

‎03-22-2021 10:15 AM

Hi, may be you can use the logic in flow, please check in Staging environment.

Hope it helps

 

Assuming LDAP load is scheduled at 18:30, you can trigger a flow at 19:00

Step 5 - set VIP as false, Step 7 - Set VIP as true

 

find_real_file.png

 

How 7 looks like (just for the reference):

find_real_file.png

Hope it helps
Preview file
66 KB
Preview file
20 KB
Preview file
99 KB
0 Helpfuls

Go to solution
shawnclune
ServiceNow Employee
ServiceNow Employee
In response to Appli

‎03-23-2021 09:50 AM

Appli,

I love the simplicity and brilliance of this solution, but alas, I am still missing something along the way.

I think the part that is failing for me is where I check to see if a user is an existing member of 'ViP_Group_1' or 'ViP_Group_2' ... or ... if the user was recently added to one of these groups.

If the user is already a member of 'ViP_Group_1' or was recently added to this group - everything works fine.

However, if the user is already a member of 'ViP_Group_2' the VIP field is set to FALSE - but if they were recently added to this group it works fine.

I tried to put everything in this response, but I'm guessing it was too large, so instead, I'm attaching my complete response as an attachment.

Kind regards,

     - Shawn

Preview file
27 KB
Preview file
271 KB
Preview file
5 KB
0 Helpfuls

Go to solution
Appli
Mega Sage
Mega Sage
In response to shawnclune

‎03-23-2021 12:34 PM

Hi Shawn, my latest and greatest flow 🙂  in the post above contains just 7 actions, but in your document I saw actions 8,9,10,11; kindly ask to recheck. And I re-tested your test case - it passed with my flow.

Happy to share an access to my PDI where you can check this flow and test as well, please let me know if this is needed.

Hope it helps

Hope it helps
Preview file
67 KB
Preview file
67 KB
0 Helpfuls

Go to solution
shawnclune
ServiceNow Employee
ServiceNow Employee
In response to Appli

‎03-24-2021 05:34 AM

Appli,

It worked!  Thank you so much.  Have a great day.

     - Shawn

 
0 Helpfuls