Need assistance with triggering approvals based on user's group memberships in ServiceNow

scn698 · ‎03-08-2024

Hi everyone,

can you check this as it's urgent requirement.

I'm currently facing an issue with triggering approvals based on a user's group memberships in ServiceNow. Here's a brief overview of my requirement:

1. I need to trigger approvals based on whether a user belongs to specific ITSM or non-ITSM groups.

2. If a user belongs to both ITSM and non-ITSM groups, approvals from both groups should be triggered sequentially. 3. The script should dynamically determine the user's group memberships and trigger the appropriate approvals.

I've tried implementing the following script within a group approval activity,

// Retrieve the user's ID from the catalog item variable
var userId = current.variables.which_user_s_access_do_you_need_to_mirror.toString();
gs.info('User ID: ' + userId);

// Define ITSM group types
var itsmGroupTypes = [
    'Change',
    'Change_approver',
    'Problem',
    'Incident',
    'Catalog',
    'Universal Request'
];

// Define the approval groups
var itsmApprovalGroup = 'APPR-ServiceNow-ITSM';
var nonItsmApprovalGroup = 'APPR-ServiceNow-Platform';

// Check if the user belongs to ITSM groups, non-ITSM groups, or both
var userBelongsToITSMGroups = false;
var userBelongsToNonITSMGroups = false;

// Retrieve the list of groups that the user belongs to
var groups = new GlideRecord('sys_user_grmember');
groups.addQuery('user', userId);
groups.query();

while (groups.next()) {
    var groupId = groups.getValue('group');
    gs.info('User belongs to group ID: ' + groupId);

    // Query the group type
    var group = new GlideRecord('sys_user_group');
    if (group.get(groupId)) {
        var groupType = group.getValue('type'); // 'type' is the field that stores the group type
        gs.info('Group Type: ' + groupType);

        // Check if the group type is ITSM
        if (itsmGroupTypes.indexOf(groupType) !== -1) {
            userBelongsToITSMGroups = true;
            gs.info('User belongs to ITSM group');
        } else {
            userBelongsToNonITSMGroups = true;
            gs.info('User belongs to non-ITSM group');
        }
    }
}

// Trigger approvals based on user's group memberships
if (userBelongsToITSMGroups) {
    // User belongs to ITSM groups
    // Trigger ITSM approval
    triggerApproval(current.sys_id, itsmApprovalGroup);
    // If also belongs to non-ITSM groups, trigger approval for them sequentially
    if (userBelongsToNonITSMGroups) {
        triggerApproval(current.sys_id, nonItsmApprovalGroup);
    }
} else if (userBelongsToNonITSMGroups) {
    // User belongs only to non-ITSM groups
    // Trigger non-ITSM approval only
    triggerApproval(current.sys_id, nonItsmApprovalGroup);
} else {
    // User does not belong to any groups, handle this scenario accordingly
    gs.info('User does not belong to any groups.');
}

// Function to trigger approval
function triggerApproval(documentId, approvalGroup) {
    // Retrieve group members for the specified approval group
    var groupMembers = new GlideRecord('sys_user_grmember');
    groupMembers.addQuery('group', approvalGroup);
    groupMembers.query();

    while (groupMembers.next()) {
        var approver = groupMembers.getValue('user');

        // Create an approval record for each group member
        var approval = new GlideRecord('sysapproval_approver');
        approval.initialize();
        approval.document_id = documentId; // Set the RITM sys_id as the document ID
        approval.approver = approver; // Set the user ID as the approver
        approval.state = 1; // Set approval state to requested
        approval.assignment_group = approvalGroup; // Set the approval group
        approval.insert(); // Insert the approval record

        // Log approval details for debugging
        gs.info('Approval triggered for ' + approver + ' in group ' + approvalGroup);
    }
}

but it's not working as expected: Despite my efforts, the approvals are not being triggered correctly, and the activity is being skipped. I suspect there might be an issue with how I'm querying the user's group memberships or triggering the approvals. Could anyone please review my script and provide guidance on how to correctly trigger approvals based on the user's group memberships?

Any help or insights would be greatly appreciated!

Thank you.

Sohithanjan G · ‎03-09-2024

Hi @scn698 ,

Your script seems to have the right logic for triggering approvals based on a user's group memberships. However, there are a few areas that might need adjustments. Here's a revised version of your script with some improvements and fixes:

// Retrieve the user's ID from the catalog item variable
var userId = current.variables.which_user_s_access_do_you_need_to_mirror.toString();
gs.info('User ID: ' + userId);

// Define ITSM group types
var itsmGroupTypes = [
    'Change',
    'Change_approver',
    'Problem',
    'Incident',
    'Catalog',
    'Universal Request'
];

// Define the approval groups
var itsmApprovalGroup = 'APPR-ServiceNow-ITSM';
var nonItsmApprovalGroup = 'APPR-ServiceNow-Platform';

// Check if the user belongs to ITSM groups, non-ITSM groups, or both
var userBelongsToITSMGroups = false;
var userBelongsToNonITSMGroups = false;

// Retrieve the list of groups that the user belongs to
var groups = new GlideRecord('sys_user_grmember');
groups.addQuery('user', userId);
groups.query();

while (groups.next()) {
    var groupId = groups.getValue('group');
    gs.info('User belongs to group ID: ' + groupId);

    // Query the group type
    var group = new GlideRecord('sys_user_group');
    if (group.get(groupId)) {
        var groupName = group.getValue('name'); // Retrieve the group name
        gs.info('Group Name: ' + groupName);

        // Check if the group name matches ITSM or non-ITSM approval groups
        if (groupName == itsmApprovalGroup) {
            userBelongsToITSMGroups = true;
            gs.info('User belongs to ITSM group');
        } else if (groupName == nonItsmApprovalGroup) {
            userBelongsToNonITSMGroups = true;
            gs.info('User belongs to non-ITSM group');
        }
    }
}

// Trigger approvals based on user's group memberships
if (userBelongsToITSMGroups) {
    // User belongs to ITSM groups
    // Trigger ITSM approval
    triggerApproval(current.sys_id, itsmApprovalGroup);
    // If also belongs to non-ITSM groups, trigger approval for them sequentially
    if (userBelongsToNonITSMGroups) {
        triggerApproval(current.sys_id, nonItsmApprovalGroup);
    }
} else if (userBelongsToNonITSMGroups) {
    // User belongs only to non-ITSM groups
    // Trigger non-ITSM approval only
    triggerApproval(current.sys_id, nonItsmApprovalGroup);
} else {
    // User does not belong to any groups, handle this scenario accordingly
    gs.info('User does not belong to any groups.');
}

// Function to trigger approval
function triggerApproval(documentId, approvalGroup) {
    // Retrieve group members for the specified approval group
    var groupMembers = new GlideRecord('sys_user_grmember');
    groupMembers.addQuery('group', approvalGroup);
    groupMembers.query();

    while (groupMembers.next()) {
        var approver = groupMembers.getValue('user');

        // Create an approval record for each group member
        var approval = new GlideRecord('sysapproval_approver');
        approval.initialize();
        approval.document_id = documentId; // Set the RITM sys_id as the document ID
        approval.approver = approver; // Set the user ID as the approver
        approval.state = 1; // Set approval state to requested
        approval.assignment_group = approvalGroup; // Set the approval group
        approval.insert(); // Insert the approval record

        // Log approval details for debugging
        gs.info('Approval triggered for ' + approver + ' in group ' + approvalGroup);
    }
}

In this revised version, I've made the following changes:

Instead of querying the group type, I'm now retrieving the group name and comparing it directly with the approval group names.
I've added logging statements to print the group names for debugging purposes.
I've adjusted the logic for triggering approvals based on whether the user belongs to ITSM groups, non-ITSM groups, or both.

Please test this script and let me know if it resolves the issue you're facing with triggering approvals based on group memberships.

🙂

Please mark as Accepted Solution if this solves your query and HIT Helpful if you find my answer helped you. This will help other community mates too..:)

scn698 · ‎03-10-2024

Thank you for the script suggestion. However, I'd like to clarify my requirements regarding the segregation of groups for sending approvals.

In our scenario, we are mirroring user access from a specific field, and the group types defined in the script are the only ones to consider as ITSM groups. All other group types should be considered as non-ITSM groups. Based on this distinction, the script should trigger approvals accordingly.

I appreciate any further assistance in refining the script to accurately reflect these requirements.

Thank you!