01-16-2023 09:04 PM - edited 01-16-2023 09:06 PM
Requirement
Access provisioning for non-admin accounts is fulfilled automatically in non-prod environments using the ServiceNow catalog.
Note - Non-admin accounts include the ITIL user & Impersonator access types.
The catalog item is already in place; we want to achieve access to the non-prod environment automatically.

01-16-2023 09:43 PM
Hi @Saumil Parekh,
If you are trying to provide access (roles/groups) using the Service Catalog, it is possible.
There are many ways; I would recommend having a workflow trigger whenever the catalog item is requested.
In the workflow we can have a run script, and there we can glide and provide access.
For example, your catalog item needs to have these variables:
username
role
group
Through these you can glide and provide access.
Let me know if you get stuck anywhere.
Please mark correct if my response has solved your query.
Cheers,
Mohammed Basheer Ahmed.
01-16-2023 09:48 PM
Thanks for your reply.
Could you please help me with the run script? As you mentioned, we have created the catalog and the workflow.

01-16-2023 10:02 PM
```javascript
var user = current.variables.user;   // assumed to hold the sys_id of the user
var role = current.variables.role;   // assumed to hold the sys_id of the role
var group = current.variables.group; // assumed to hold the sys_id of the group
```
If you want to give access directly as a role:
```javascript
// Insert a user-to-role link record
var userRole = new GlideRecord("sys_user_has_role");
userRole.initialize();
userRole.user = user;
userRole.role = role;
userRole.insert();
```
If you want to give access directly as a group:
```javascript
// Insert a group membership record
var userGroup = new GlideRecord("sys_user_grmember");
userGroup.initialize();
userGroup.user = user;
userGroup.group = group;
userGroup.insert();
```
Please mark correct if my response has solved your query.
Cheers,
Mohammed Basheer Ahmed.
01-16-2023 10:52 PM - edited 01-16-2023 10:54 PM
Thanks for your solution.
We were going through the script in our environment and found a script include which is similar to our requirement. Could you let me know whether the script below is ready to use?
We have a script include which is running in our workflow run script:
```javascript
ResetUtil.prototype.reset = function(current, workflow, activity) {
    var envt_json = {
        'development': 'https://xxxdev.service-now.com',
        'test_xxx': 'https://xxxtechtest.service-now.com',
        'uat_xxx': 'https://xxxuat.service-now.com'
    };
    // (the rest of reset() is not shown in the post)
};

ResetUtil.prototype.grantItilAccess = function(user_sysid) {
    var returnObject = {};
    // Confirm the user exists before adding the group membership
    var usr = new GlideRecord('sys_user');
    usr.addQuery('sys_id', user_sysid);
    usr.query();
    if (usr.next()) {
        try {
            var grp_mem = new GlideRecord('sys_user_grmember');
            grp_mem.initialize();
            grp_mem.user = usr.getUniqueValue();
            // The group sys_id comes from a system property
            grp_mem.group = gs.getProperty('xxx.ins_itil_grp');
            // insert() returns the new record's sys_id, or null on failure
            var grp_mem_res = grp_mem.insert();
            if (grp_mem_res) {
                // user_reset() is defined elsewhere (not shown in the post)
                returnObject = user_reset(user_sysid);
            } else {
                returnObject.message = 'Failed to add Group to User';
                returnObject.status = "group_failure";
            }
        } catch (e) {
            returnObject.status = "exception";
        }
    } else {
        returnObject.message = 'User ID does not Exists, please check the user';
        returnObject.status = "unknown_user";
    }
    return returnObject;
};
```
Adding the roles and group to the user across all environments
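
The run script posted in the answer above inserts whatever role sys_id the catalog variable carries. The following added example (not code from any poster in this thread) shows the same insert with the checks a provisioning script usually needs: a non-prod instance allow-list, an active-user check, a role allow-list limited to the two non-admin access types named in the question, and a duplicate-grant check. The instance names, the sample rows and the `find`/`grantRole` helpers are assumptions, and the small `GlideRecord`/`gs` stand-ins exist only so the logic runs outside an instance.

```javascript
// Constructed in-memory stand-ins for the platform's GlideRecord and gs so the
// logic runs outside an instance; omit everything down to the stub's end there.
var DB = { // constructed sample rows
  sys_user: [{ sys_id: 'u1', active: 'true' }, { sys_id: 'u2', active: 'false' }],
  sys_user_role: [{ sys_id: 'r1', name: 'itil' }, { sys_id: 'r2', name: 'impersonator' },
    { sys_id: 'r3', name: 'admin' }],
  sys_user_has_role: []
};
var PROPS = { instance_name: 'exampledev' }; // placeholder instance name
var gs = { getProperty: function (k) { return PROPS[k]; } };
function GlideRecord(table) { this.t = table; this.q = {}; this.row = {}; }
GlideRecord.prototype = {
  addQuery: function (f, v) { this.q[f] = String(v); },
  query: function () {
    var q = this.q;
    this.hits = DB[this.t].filter(function (r) {
      return Object.keys(q).every(function (f) { return r[f] === q[f]; });
    });
  },
  next: function () { this.row = this.hits.shift() || null; return !!this.row; },
  getValue: function (f) { return this.row[f]; },
  initialize: function () { this.row = {}; },
  setValue: function (f, v) { this.row[f] = String(v); },
  insert: function () { DB[this.t].push(this.row); return 'new' + DB[this.t].length; }
};

var ALLOWED_ROLES = ['itil', 'impersonator'];        // the question's non-admin access types
var NONPROD_INSTANCES = ['exampledev', 'exampleuat']; // placeholders: your non-prod names

function find(table, query) { // hypothetical helper: first matching record or null
  var gr = new GlideRecord(table);
  Object.keys(query).forEach(function (f) { gr.addQuery(f, query[f]); });
  gr.query();
  return gr.next() ? gr : null;
}

// Grants roleId to userId only if every check passes; returns a status string.
function grantRole(userId, roleId) {
  if (NONPROD_INSTANCES.indexOf(gs.getProperty('instance_name')) === -1) return 'refused_env';
  if (!find('sys_user', { sys_id: userId, active: true })) return 'bad_user';
  var role = find('sys_user_role', { sys_id: roleId });
  if (!role || ALLOWED_ROLES.indexOf(role.getValue('name')) === -1) return 'role_not_allowed';
  if (find('sys_user_has_role', { user: userId, role: roleId })) return 'already_granted';
  var grant = new GlideRecord('sys_user_has_role');
  grant.initialize();
  grant.setValue('user', userId);
  grant.setValue('role', roleId);
  return grant.insert() ? 'granted' : 'insert_failed';
}
```

In a workflow run script the call would be `grantRole(current.variables.user, current.variables.role)`, with the returned status written to the request's work notes.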