Remove user from ITIL groups if not logged for 60 days

Ravi kiran1
Tera Contributor

Hi Team,

 

I am working on requirement to remove users from groups who has not logged in for 60 days , this is achieved. Few groups doesn't have ITIL role assigned as (roles are assigned to groups not for users) ,but we want to remove users from groups having ITIL role assigned, few groups doesn't have ITIL role and user should continue to be in that group.

 

below is the code working to remove from all groups but we want identified users to remove only from groups having ITIL role assigned.

 

var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();


while(gr.next())
{

gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}

1 ACCEPTED SOLUTION

Saurav11
Kilo Patron
Kilo Patron

Hello,

 

Please try the below code:-

 

(function runMailScript(/* GlideRecord */ current, /* TemplatePrinter */ template,
/* Optional EmailOutbound */ email, /* Optional GlideRecord */ email_action,
/* Optional GlideRecord */ event) {


var link=gs.getProperty('glide.servlet.uri') + 'sp?sys_id=' + current.sys_id+'&view=sp&id=ticket&table=incident';

template.print('<a href="'+link+'>'+
current.number + '</a>');

})(current, template, email, email_action, event);



var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();


while(gr.next())
{

gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil')
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}

 

Please mark my answer as correct based on Impact.

View solution in original post

3 REPLIES 3

Saurav11
Kilo Patron
Kilo Patron

Hello,

 

Please try the below code:-

 

(function runMailScript(/* GlideRecord */ current, /* TemplatePrinter */ template,
/* Optional EmailOutbound */ email, /* Optional GlideRecord */ email_action,
/* Optional GlideRecord */ event) {


var link=gs.getProperty('glide.servlet.uri') + 'sp?sys_id=' + current.sys_id+'&view=sp&id=ticket&table=incident';

template.print('<a href="'+link+'>'+
current.number + '</a>');

})(current, template, email, email_action, event);



var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();


while(gr.next())
{

gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil')
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}

 

Please mark my answer as correct based on Impact.

Hi  @Saurav11,

 

I have been asked to fulfill a similar, but different, requirement. Many of our users who are assigned the itil role or one of more of the ITSM roles (e.g., sn_incident_write, sn_change_write, etc.) log into ServiceNow on a daily basis to use various custom-developed scoped applications which support non-IT business processes. As a result, I cannot leverage the last_login_time field value in my logic when evaluating whether or not to remove an user's itil or ITSM roles. Instead, I need to identify users who have not created or updated any records (i.e., change, incident, requests, knowledge, etc.) requiring the itil or ITSM roles within the last 90 days before removing the user from the group inheriting the privileged role(s).

 

Would you be able to provide me an example script that I could leverage in this scenario?

 

Thank you in advance!

 

Ravi kiran1
Tera Contributor

This scripts works 

 

var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);

gr.query();


while(gr.next())
{

//gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil');
groupGR.query();
while (groupGR.next()) {
//gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
}