I have a requirement to remove ITIL role for users not logged into the system for last 60 days.

I wrote a script to remove such users but encountering an issue.

Basically, I am removing user from all such groups which provides ITIL access ( ITIL access is provided to user via group).

Now when running the script, it works perfectly but the loop exits after executing for one user.

I believe "gr1.deleteRecord();" is having issue.

If i comment and run it, it works perfectly fine displaying all all groups and users from the groups they would be removed.

Any help would be appreciated.

var gr = new GlideRecord('sys_user_has_role');

gr.addEncodedQuery('user.active=true^user.user_nameISNOTEMPTY^user.last_login_time<javascript&colon;gs.beginningOfLast60Days()^role=282bf1fac6112285017366cb5f867469^user.web_service_access_only!=true^user.internal_integration_user!=true');
gr.query();
while (gr.next())
{
gs.log('ITIL License to be revoked for this User'+ gr.getDisplayValue('user'));
var gr1 = new GlideRecord("sys_user_grmember");
gr1.addEncodedQuery("user=" + gr.user);
gr1.query();
while (gr1.next())
{
var grGRole = new GlideRecord("sys_group_has_role");
grGRole.addEncodedQuery("group=" + gr1.group + "^role=282bf1fac6112285017366cb5f867469");
grGRole.query()
     if (grGRole.next())
     {
     gs.log('User ' + gr1.getDisplayValue('user') + ' removed from group ' + gr1.group.name + ' due to License Optimization');
     gr1.deleteRecord();
    }

}
}