- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2022 06:15 AM - edited 12-05-2022 11:19 PM
Hi Team,
I am working on requirement to remove users from groups who has not logged in for 60 days , this is achieved. Few groups doesn't have ITIL role assigned as (roles are assigned to groups not for users) ,but we want to remove users from groups having ITIL role assigned, few groups doesn't have ITIL role and user should continue to be in that group.
below is the code working to remove from all groups but we want identified users to remove only from groups having ITIL role assigned.
var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);
gr.query();
while(gr.next())
{
gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2022 11:32 PM
Hello,
Please try the below code:-
(function runMailScript(/* GlideRecord */ current, /* TemplatePrinter */ template,
/* Optional EmailOutbound */ email, /* Optional GlideRecord */ email_action,
/* Optional GlideRecord */ event) {
var link=gs.getProperty('glide.servlet.uri') + 'sp?sys_id=' + current.sys_id+'&view=sp&id=ticket&table=incident';
template.print('<a href="'+link+'>'+
current.number + '</a>');
})(current, template, email, email_action, event);
var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);
gr.query();
while(gr.next())
{
gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil')
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}
Please mark my answer as correct based on Impact.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2022 11:32 PM
Hello,
Please try the below code:-
(function runMailScript(/* GlideRecord */ current, /* TemplatePrinter */ template,
/* Optional EmailOutbound */ email, /* Optional GlideRecord */ email_action,
/* Optional GlideRecord */ event) {
var link=gs.getProperty('glide.servlet.uri') + 'sp?sys_id=' + current.sys_id+'&view=sp&id=ticket&table=incident';
template.print('<a href="'+link+'>'+
current.number + '</a>');
})(current, template, email, email_action, event);
var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);
gr.query();
while(gr.next())
{
gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil')
groupGR.query();
while (groupGR.next()) {
gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
var roleGR = new GlideRecord('sys_user_has_role');
roleGR.addQuery('user', gr.sys_id);
roleGR.query();
while (roleGR.next()) {
gs.print(roleGR.role.getDisplayValue() + " " + roleGR.user.getDisplayValue());
roleGR.deleteRecord();
}
}
Please mark my answer as correct based on Impact.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-12-2023 02:10 PM
Hi @Saurav11,
I have been asked to fulfill a similar, but different, requirement. Many of our users who are assigned the itil role or one of more of the ITSM roles (e.g., sn_incident_write, sn_change_write, etc.) log into ServiceNow on a daily basis to use various custom-developed scoped applications which support non-IT business processes. As a result, I cannot leverage the last_login_time field value in my logic when evaluating whether or not to remove an user's itil or ITSM roles. Instead, I need to identify users who have not created or updated any records (i.e., change, incident, requests, knowledge, etc.) requiring the itil or ITSM roles within the last 90 days before removing the user from the group inheriting the privileged role(s).
Would you be able to provide me an example script that I could leverage in this scenario?
Thank you in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-27-2022 05:45 AM
This scripts works
var gr = new GlideRecord('sys_user');
var queryString = "roles=ITIL^last_login_timeRELATIVELT@dayofweek@ago@60^active=true^u_user_type!=atos_integration^nameNOT LIKESystem Administrator";
gr.addEncodedQuery(queryString);
gr.query();
while(gr.next())
{
//gs.print("User Name:"+ gr.user_name+ " " + "User Name:" +gr.name +" " + "sys_id:" + gr.sys_id);
var groupGR = new GlideRecord('sys_user_grmember');
groupGR.addQuery('user', gr.sys_id);
groupGR.addEncodedQuery('group.roles=itil');
groupGR.query();
while (groupGR.next()) {
//gs.print("User is in group::"+groupGR.getDisplayValue('group'));
groupGR.deleteRecord();
}
}