Remove user from ITIL groups if not logged for 60 days

Ravi kiran1 · ‎12-05-2022

Hi Team,

I am working on requirement to remove users from groups who has not logged in for 60 days , this is achieved. Few groups doesn't have ITIL role assigned as (roles are assigned to groups not for users) ,but we want to remove users from groups having ITIL role assigned, few groups doesn't have ITIL role and user should continue to be in that group.

below is the code working to remove from all groups but we want identified users to remove only from groups having ITIL role assigned.

var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();

while(gr.next())
{

gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}

Saurav11 · ‎12-05-2022

Hello,

Please try the below code:-

(function runMailScript(/* GlideRecord */ current, /* TemplatePrinter */ template,
/* Optional EmailOutbound */ email, /* Optional GlideRecord */ email_action,
/* Optional GlideRecord */ event) {


var link=gs.getProperty('glide.servlet.uri') + 'sp?sys_id=' + current.sys_id+'&view=sp&id=ticket&table=incident';

template.print('<a href="'+link+'>'+
current.number + '</a>');

})(current, template, email, email_action, event);



var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();


while(gr.next())
{

gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil')
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}

Please mark my answer as correct based on Impact.

View solution in original post

Saurav11 · ‎12-05-2022

Hello,

Please try the below code:-

(function runMailScript(/* GlideRecord */ current, /* TemplatePrinter */ template,
/* Optional EmailOutbound */ email, /* Optional GlideRecord */ email_action,
/* Optional GlideRecord */ event) {


var link=gs.getProperty('glide.servlet.uri') + 'sp?sys_id=' + current.sys_id+'&view=sp&id=ticket&table=incident';

template.print('<a href="'+link+'>'+
current.number + '</a>');

})(current, template, email, email_action, event);



var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();


while(gr.next())
{

gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil')
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}

Please mark my answer as correct based on Impact.

cynlink1 · ‎06-12-2023

Hi @Saurav11,

I have been asked to fulfill a similar, but different, requirement. Many of our users who are assigned the itil role or one of more of the ITSM roles (e.g., sn_incident_write, sn_change_write, etc.) log into ServiceNow on a daily basis to use various custom-developed scoped applications which support non-IT business processes. As a result, I cannot leverage the last_login_time field value in my logic when evaluating whether or not to remove an user's itil or ITSM roles. Instead, I need to identify users who have not created or updated any records (i.e., change, incident, requests, knowledge, etc.) requiring the itil or ITSM roles within the last 90 days before removing the user from the group inheriting the privileged role(s).

Would you be able to provide me an example script that I could leverage in this scenario?

Thank you in advance!

Ravi kiran1 · ‎12-27-2022

This scripts works

var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();

while(gr.next())
{

//gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil');
groupGR.query();
while (groupGR.next()) {
//gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
}