Removing roles from a User

GaneshErike
Tera Contributor

‎07-03-2025 09:17 AM

Hi,

 

One user is part of 7 groups. Out of those, one group was archived a long time ago, but the user is still showing as a member of that group. Some roles are being granted through this archived group.

 

I tried removing the user from that group in the test instance, but the roles are still present.

 

I need to remove the roles that were granted specifically by that archived group. Any idea why the roles are still there even after removing the user from the group? Or how I can clean this up properly?

 

Thanks.

0 Helpfuls
  • 962 Views
17 REPLIES 17

GlideFather
Tera Patron

‎07-03-2025 01:00 PM - edited ‎07-03-2025 01:01 PM

Hi @GaneshErike,

you probably know the [sys_user_has_role], but you can also check the [sys_group_has_role], from there you might be able to verify what role was granted from what group, if you will locate there some sys_id or empty/no name group, it might be the archived one.

Please check that table and let me know whether it helped

 

EDIT: the sys_group_has_role table could be dot-walked, so you can make the query for the one particular user, checking all their roles and to see the relation between roles and groups.

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


0 Helpfuls

GaneshErike
Tera Contributor
In response to GlideFather

‎07-03-2025 10:56 PM

Hi,

 

Roles are granted by one archived group ex - A, for this group roles are granted by another archived Group ex - B.

This Group B is a child of one active group ex - C and it had SPM roles. I have removed the SPM roles from Group C 2 day back. C has 20 child groups and SPM roles were removed from all these groups.

 

I am not able to see the roles section in archived groups.

 

Note: B is not in child groups list of C but in archived group B's parent group field is C.

 

0 Helpfuls

GlideFather
Tera Patron
In response to GaneshErike

‎07-03-2025 11:16 PM - edited ‎07-04-2025 12:30 AM

Manual role removal doesn’t help?

EDIT:

 

I tested from my end and the related tab indicates the role, but when clicked edit, it doesn't exist. Also in the sys_user_has_role it was not possible to edit/delete via background script.

KamilTEL_0-1751614184316.png


When Archiving, you can select whether you want to keep or remove the references, but now I guess it is not possible to undo. Please contact the ServiceNow team via HI Portal.

———
/* If my response wasn’t a total disaster ↙️ drop a Kudos or Accept as Solution ↘️ Cheers! */


0 Helpfuls