Removing from users inherited roles without known source

Go to solution
MGanon
Tera Guru

‎09-09-2019 12:36 PM

Most of our users inherit roles from the groups to which they belong. We recently identified a small number of less than 50 users that show inherited roles but no source. I also cannot remove any of the roles from those users. Nothing appears unusual about the users and none have any admin-type roles. Editing the role list for these users indicates no roles. For these users, the role list indicates that all of their roles are inherited by the Granted By field is blank. All of the roles for these users were added on 3 separate dates by either the background import user or by me.

How do I remove the roles from these users?

0 Helpfuls
  • 2,532 Views
1 ACCEPTED SOLUTION

Go to solution
vkachineni
Kilo Sage
Kilo Sage

‎09-09-2019 01:20 PM

Use a fix script to remove roles that have granted by as null.

 

deleteEmptyGrantedBy();
function deleteEmptyGrantedBy()
{
	var emptyGrantedBy = new GlideRecord('sys_user_has_role');
	emptyGrantedBy.addEncodedQuery('granted_by=NULL');	
	emptyGrantedBy.query();	
	// Loop thru the rest and delete them
	while(emptyGrantedBy.next())
	{	
		//Setting these may speed up the process
		emptyGrantedBy.autoSysFields(false);
		emptyGrantedBy.setWorkflow(false);
		//emptyGrantedBy.deleteRecord(); //uncomment when ready to delete		
	}
}
Please mark Correct and click the Thumb up if my answer helps you resolve your issue. Thanks!
Vinod Kumar Kachineni
Community Rising Star 2022

View solution in original post

3 REPLIES 3

Go to solution
Elijah Aromola
Mega Sage

‎09-09-2019 12:41 PM

Can you write a script?

0 Helpfuls

Go to solution
vkachineni
Kilo Sage
Kilo Sage

‎09-09-2019 01:20 PM

Use a fix script to remove roles that have granted by as null.

 

deleteEmptyGrantedBy();
function deleteEmptyGrantedBy()
{
	var emptyGrantedBy = new GlideRecord('sys_user_has_role');
	emptyGrantedBy.addEncodedQuery('granted_by=NULL');	
	emptyGrantedBy.query();	
	// Loop thru the rest and delete them
	while(emptyGrantedBy.next())
	{	
		//Setting these may speed up the process
		emptyGrantedBy.autoSysFields(false);
		emptyGrantedBy.setWorkflow(false);
		//emptyGrantedBy.deleteRecord(); //uncomment when ready to delete		
	}
}
Please mark Correct and click the Thumb up if my answer helps you resolve your issue. Thanks!
Vinod Kumar Kachineni
Community Rising Star 2022

Go to solution
HugoFirst
Kilo Sage

‎09-09-2019 02:15 PM

Hello MGanon,

 

You have some great advice regarding your question and I'd like to provide my .02 which has a different approach. Note: I recommend that you try this in a sub-prod instance first.

1. View the list of user roles with an empty "Granted by".  Here's a URL you can use:

https://YOUR_INSTANCE.service-now.com/sys_user_has_role_list.do?sysparm_query=granted_byISEMPTY

 

2. EXPORT this list as XML to a safe location.  This is your backup of the data so that you can easily restore it if any bad issues come up afterwards that make you regret deleting the records.

 

3. Now in the list view, you can check the "select all" and then "Delete" from the action widget:

find_real_file.png

 

Preview file
30 KB
0 Helpfuls