Need help to Remove ITIL role for the user who have not logged in 30days

dinesh_v_m
Kilo Explorer

‎07-17-2020 06:08 AM

Hello Folks,

Need your assistance on removing user role (ITIL) those who have not logged in 30days.

We are currently in Orlando and the requirement is to remove User role weekly basis.

1. We have Roles tagged to the groups.

2. Need to remove users from groups periodically every friday, those who have not logged in 30days.

 

I tried this script.. but since roles are tagged to the groups, those doesn't work in our case..

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

var usr = new GlideRecord('sys_user');
usr.addEncodedQuery('last_login<javascript:gs.daysAgoStart(30)^vip=false');
usr.query();
while(usr.next())
{
// script to remove ITIL role of this user

var role = new Gliderecord('sys_user_has_role');
role.addQuery('user',usr.sys_id);
role.addEncodedQuery('role=282bf1fac6112285017366cb5f867469');
role.deleteMultiple();
}

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Waiting for your assistance.

 

Thanks,

Dinesh.V.M

Labels:
0 Helpfuls
  • 1,338 Views
4 REPLIES 4

simonpullen
ServiceNow Employee
ServiceNow Employee

‎07-20-2020 05:14 PM

Hello Dinesh,

If you are inheriting the role from a group you would need to script it to remove the user from that group, your script above will only work for none inherited roles.

You could simply look in the sys_user_has_role, if inherited is false remove, if its true then check which group you are inheriting this from and remove that user from that group on sys_user_grmember this will then in turn remove the role from that user.

 

Simon

0 Helpfuls

Chander Bhusha1
Tera Guru

‎07-20-2020 05:15 PM

Hi Dinesh,

Since the Roles are inherited from the group so you cannot delete the roles manually as it will come with the group. So best way is to remove the user from the group then automatically delete the roles associated with it.

Updated Script would be: (Update the Group sysid in the script addQuery();

var usr = new GlideRecord('sys_user');
usr.addEncodedQuery('last_login<javascript:gs.daysAgoStart(30)^vip=false');
usr.query();
while(usr.next())
{

var gr = new GlideRecord('sys_user_grmember');
gr.addQuery('user,usr.getUniqueValue());
gr.addQuery('group','0a52d3dcd7011200f2d224837e6103f2');  //Update the Group sysid from which you need to remove user
gr.query();
if(gr.next())
{
gr.deleteRecord();
}


}

 

 

 

 

Thanks,

CB

0 Helpfuls

MrMuhammad
Giga Sage

‎07-20-2020 05:29 PM

Hi,

As you have roles tied up with groups so you can remove users from group and in order to remove all the roles associated with the user you need to remove user from all the group. 

Below is script.  

var user = new GlideRecord('sys_user');
user.addEncodedQuery('last_login<javascript:gs.daysAgoStart(30)^vip=false');
user.query();

while(user.next())
{

  var grpMem = new GlideRecord('sys_user_grmember');
  grpMem.addQuery('user', user.getUniqueValue());
//  grpMem.addQuery('group', 'SYS ID OF GROUP'); //uncomment this line to remove from specific group and replace the sys id.
  grpMem.query();

  grpMem.deleteMultiple();

}

 

Thanks & Regards,

Sharjeel

Regards,
Muhammad
0 Helpfuls

sachin_namjoshi
Kilo Patron
Kilo Patron

‎07-20-2020 05:39 PM

You don't need to write any code for this requirement.

You can configure flow using flow designer to remove roles from user.

 

https://docs.servicenow.com/bundle/orlando-servicenow-platform/page/administer/flow-designer/referen...

 

Regards,

Sachin