Removing Users from group(s) via workflow Run Script

Community Alums · ‎12-29-2017

Hey all,

I am working on a script for a Run Workflow activity and am stuck. Here is an overview:

User submits a form on the Portal that creates a RITM. When they Select the option "Remove Access" another field pops up with a list of the current groups they are in. They can select which group or groups they want to have access removed from and then submit the form. The workflow is set up such as if they request removal from group(s) they are members of, there is no approval needed and the system can go ahead with the automation and remove them. I have all of that stuff figured out, its the script I am stuck on.

Here is what I have so far, admittedly I am not terribly experienced with scripting so I may be going in the totally wrong direction:

var grpRemove = new GlideRecord('sys_user_grmember');

grpRemove.addQuery('user', current.variables.requester_name.sys_id);

grpRemove.addquery('group.name', current.variables.var_groups_removal);

grpRemove.query();

if(grpRemove.next()) {

grpRemove.deleteRecord();

}

I am thinking I need a way for it to remove the users from more than one group if they select more than one, but I was just trying to get it to remove them from one first and then build on it from there. I have tried a few variations and changes on the above script but no luck so far. Any help would be appreciated!

Thanks!

Community Alums · ‎12-29-2017

OK,

Got it working after much trial and error and enlisting the help from a fellow developer on a Skype meeting 😃 Want to post here to complete the question and for anyone else who may run in to this in the future. What we ended up having to do with the script is as follows:

var grps = current.variables.var_groups_removal.toString().split(',');

var grpRemove = new GlideRecord('sys_user_grmember');

grpRemove.addQuery('user', current.variables.requester_name);

var groups = grpRemove.addQuery('group', grps[0]);

for (var i = 1; i< grps.length;i++)

groups.addOrCondition('group', grps[i]);

grpRemove.query();

while(grpRemove.next()) {

grpRemove.deleteRecord();

}

var removed = current.variables.var_groups_removal.getDisplayValue();

current.comments = "The user has been successfully removed from the following groups: " + removed;

Thanks all for the help and suggestions with this, definitely made it easier!

View solution in original post

tobrien · ‎12-29-2017

Hi Kris,

Here's some things to check

1. 'user' is the actual column name in the [sys_user_grmember]

2. ditto for 'group.name'

Here's some things to check via a gs.log()

3. is current.variables.requester_name.sys_id what you expect

4. is current.variables.var_groups_removal what you expect

Community Alums · ‎12-29-2017

So here is what I've found

1. User is the actual column name

2. group.name was wrong, its just group

2. current,variables.requester_name.sys_id is returning the current requesters sys_id which is what id expect

4. cuurent.variables.var_groups_removal is returning a sys_id but not the one that is associated with the name of the group selected in the var_groups_removal variable on the service portal form.

After testing this the script is removing me from a group when I submit this item.....its just not the group that is selected in var_groups_removal. It seems to be whichever group the system selects.....which is where I guess my trouble is now. How do I get it to select the group that is in the var)groups_removal variable?

Pradeep Sharma · ‎12-29-2017

Thanks for the update Kris. Is var_groups_removal a reference field? You mean the value select the d by user and on the form don't match?

Community Alums · ‎12-29-2017

Pradeep,

var_groups_removal is a list collector field on the form. Sorry i missed this question earlier!

So it looks like the value of the group selected on the form IS matching whats in the logs now, but that group is NOT being removed for the user. The system is randomly picking a group and removing the user from it instead of the intended one.

For Example I selected that I wanted to be removed from the "Alert Response" group which has a sys_id of 390912ce13061240e598f0912244b095, the logs returned 390912ce13061240e598f0912244b095, but I was removed from the ITIL Admins groups which has a completely different sys_id