onAfter Transform Map - Group Member Add

Amit Giri
Kilo Guru

Hello All,

 

I am trying to add the provisioned user to the group according to the attribute that I'm getting from an Identity Provider. I have written an onAfter transform script (given below) for this, but the insert function is not working.

 

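(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
    // onAfter transform script: when the transform has just inserted a sys_user
    // record, add that user to the group mapped from the IdP "role" attribute.
    //
    // NOTE(review): "role" is supplied by the identity provider and decides group
    // membership, so it is only ever compared against the fixed names in
    // lookupRole() and is never used to build a query.
    try {
        if (action == 'insert') {
            if (target.sys_class_name == "sys_user") {
                // Copy the field values out as plain strings; source.role and
                // target.sys_id are field objects, not primitives.
                var role = String(source.role); //role is an attribute from IdP
                var userId = String(target.sys_id);
                gs.log("onAfter: " + role, "AG");

                var userGroup = lookupRole(role); //Call to the function
                gs.log("onAfter Group: " + userGroup, "AG");

                // Never write a membership row with an empty user or group reference.
                if (!userId || !userGroup) {
                    gs.log("onAfter User Provisioning: missing user (" + userId + ") or group (" + userGroup + ") for role " + role + ", membership not created", "AG");
                    return;
                }

                // add users to appropriate groups
                var internalUser = new GlideRecord("sys_user_grmember");
                internalUser.initialize();
                internalUser.user = userId;
                internalUser.group = userGroup;

                // insert() returns the new record's sys_id, or null when no record
                // was written (for example when a business rule aborts the insert).
                // Logging the null case makes a blocked insert visible.
                var memberId = internalUser.insert();
                if (!memberId) {
                    gs.log("onAfter User Provisioning: insert into sys_user_grmember failed for user " + userId + ", group " + userGroup, "AG");
                }
            }
        }

    } catch (err) {
        gs.log("onAfter User Provisioning: " + err, "AG");
    }

    // Maps an IdP role name to the value of the matching system property
    // (per the author's logs, these properties hold group sys_ids).
    // NOTE(review): every role other than the two named ones, including an empty
    // or missing value, falls back to the internal group - confirm that default
    // is intended rather than skipping the membership.
    function lookupRole(role) {
        var roleGroup;
        if (role === "Infra_Admin") {
            roleGroup = gs.getProperty('idp.administrator_group.role');
        } else if (role === "App_Support") {
            roleGroup = gs.getProperty('idp.agent_group.role');
        } else {
            roleGroup = gs.getProperty('idp.internal_group.role');
        }
        return roleGroup;
    }

})(source, map, log, target);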

(All the sys_id are coming up properly in the above script)
 

I checked further: the Role Management v2 plugin is enabled, and there is an out-of-the-box (OOB) business rule (BR) called 'Group Member Add' which is stopping the record insert (tested by disabling the BR).

 

Is there any way I can complete the requirement without changing the OOB BR?

 

Thanks & Regards 


Sheldon  Swift
ServiceNow Employee

Hi @Amit Giri - 'Group Member Add' runs after insert/update, so that alone shouldn't prevent your script from working as expected. Are you saying that the insert is functioning as expected when you disable the BR?

Hello @Sheldon  Swift 
I tested yesterday with the BR disabled, and the insert seemed to work. But today it's not working, so I think the issue is somewhere else.

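You could try adding more logging to track the flow of your script and determine exactly where it's breaking down. Also, it’s a good idea to update your condition check to `if (target.getValue('sys_class_name') === "sys_user")` to avoid a potential type mismatch. Note that strict equality (`===`) only matches when both sides are plain strings, so a field read as `source.role` should be converted with `String()` or `getValue()` before it is compared this way.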

 

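(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
    // onAfter transform script with step-by-step logging: when the transform has
    // just inserted a sys_user record, add that user to the group mapped from the
    // IdP "role" attribute.
    //
    // NOTE(review): "role" is supplied by the identity provider and decides group
    // membership, so it is only compared against the fixed names in lookupRole().
    try {
        gs.log("Starting the transformation script", "AG");

        // Check if the action is an insert. Coerced to a string first so the strict
        // comparison does not depend on how the platform exposes the value.
        if (String(action) === 'insert') {
            gs.log("Action is insert", "AG");

            // Check if the target is sys_user
            if (target.getValue('sys_class_name') === "sys_user") {
                gs.log("Target is sys_user", "AG");

                // source.role is a field object rather than a primitive string, so it
                // is converted before the strict (===) comparisons in lookupRole();
                // without the conversion every role would fall through to the
                // default group.
                var role = String(source.role); //role is an attribute from IdP
                gs.log("Role from source: " + role, "AG");

                // Lookup the corresponding user group
                var userGroup = lookupRole(role); //Call to the function
                gs.log("User group retrieved: " + userGroup, "AG");

                // Same reasoning for the reference value written below.
                var userId = String(target.sys_id);

                if (userGroup && userId) {
                    // Insert the user into the appropriate group
                    var internalUser = new GlideRecord("sys_user_grmember");
                    internalUser.initialize();
                    internalUser.user = userId;
                    internalUser.group = userGroup;

                    // insert() returns the new sys_id, or null when nothing was written
                    var insertResult = internalUser.insert();

                    if (insertResult) {
                        gs.log("User successfully added to group: " + userGroup, "AG");
                    } else {
                        gs.log("Failed to add user to group: " + userGroup, "AG");
                    }
                } else {
                    gs.log("No valid group found for the role: " + role, "AG");
                }
            } else {
                gs.log("Target is not sys_user (" + target.sys_class_name + "), skipping group assignment", "AG");
            }
        } else {
            gs.log("Action is not insert, skipping script", "AG");
        }
    } catch (err) {
        gs.log("Error in User Provisioning: " + err, "AG");
    }

    // Maps an IdP role name (plain string) to the value of the matching system
    // property.
    // NOTE(review): every role other than the two named ones, including an empty
    // or missing value, falls back to the internal group - confirm that default
    // is intended rather than skipping the membership.
    function lookupRole(role) {
        gs.log("Looking up group for role: " + role, "AG");
        var roleGroup = null;

        if (role === "Infra_Admin") {
            roleGroup = gs.getProperty('idp.administrator_group.role');
        } else if (role === "App_Support") {
            roleGroup = gs.getProperty('idp.agent_group.role');
        } else {
            roleGroup = gs.getProperty('idp.internal_group.role');
        }

        gs.log("Group found for role: " + role + " is " + roleGroup, "AG");
        return roleGroup;
    }

})(source, map, log, target);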

 

AnirudhKumar
Mega Sage

Have you logged target.sys_id ?

Check if that returns a value.

Also, try adding toString():

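// Build the group-membership row for the newly provisioned user.
var internalUser = new GlideRecord("sys_user_grmember");
internalUser.initialize();
// toString() copies the values out as plain strings instead of assigning the
// field objects themselves.
internalUser.user = target.sys_id.toString();
internalUser.group = userGroup.toString();
// insert() returns the new record's sys_id, or null when no record was written;
// log the null case so a blocked insert does not go unnoticed.
var memberSysId = internalUser.insert();
if (!memberSysId) {
    gs.log("Group membership insert failed for user " + internalUser.user + ", group " + internalUser.group, "AG");
}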