Revoke itil role from users not logged in 60 days

SN Rookie
Giga Expert

Hi All,

The requirement is to remove ITIL role from users who haven't logged in 60 days from groups (which provide itil access) and also those users who were given itil role explicitly. Before removing it should also give row count so that the numbers can be matched. Any help is highly appreciated.

Thanks

1 ACCEPTED SOLUTION

Please try below script to delete user from support group

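delete_user();

// Remove group memberships of active users who have not logged in for 60 days,
// for every group that grants the itil role.
function delete_user() {
    // Groups that carry the itil role (sys_id of the role)
    var grp_role = new GlideRecord('sys_group_has_role');
    grp_role.addQuery('role', '282bf1fac6112285017366cb5f867469');
    grp_role.query();
    while (grp_role.next()) {
        // Members of this group whose last login is older than 60 days.
        // sys_user_grmember has no role field, so the role is filtered by the outer query only.
        var gr_mem = new GlideRecord('sys_user_grmember');
        gr_mem.addQuery('group', grp_role.group);
        gr_mem.addEncodedQuery("user.last_login_time<javascript:gs.daysAgoStart(60)^user.active=true");
        gr_mem.query();
        while (gr_mem.next()) {
            var name = gr_mem.user.getDisplayValue(); // read before the row is deleted
            gr_mem.deleteRecord();
            gs.print("deleted users: " + name);
        }
    }
}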


24 REPLIES

Tried this in Personal Dev - when I run the above script in background script it gives me the group names as below 

*** Script: Group nameCatalog Request Approvers for Sales
*** Script: Group nameField Services
*** Script: Group nameCatalog Request Approvers > $1000


But when I go back to sys_user_has_role, I still see 'Beth Anglin' as the user who has the 'itil' role. Ideally, the itil role should have been revoked from this user and she would have been removed from

var count = 0;
// Groups that carry the itil role (limited to one row)
var ug = new GlideRecord('sys_group_has_role');
ug.addEncodedQuery("role=282bf1fac6112285017366cb5f867469");
ug.setLimit(1);
ug.query();
while (ug.next()) {
    gs.print('Group name' + ug.group.getDisplayValue());

    // itil role rows in the user role table (not filtered by group or last login)
    var urole = new GlideRecord('sys_user_has_role');
    urole.addQuery('role', '282bf1fac6112285017366cb5f867469'); // add sys_id of ITIL role
    urole.query();
    if (urole.next()) {
        count++;
        var username = urole.user.getDisplayValue(); // read before the row is deleted
        urole.deleteRecord(); // remove roles from the role table
        gs.print('Group name' + ug.group.getDisplayValue() + ' Username' + username + ' Count' + count);
    }
}

Now it's removing the ITIL role from the user's profile; I am still checking for group.

Exactly, that is what we are doing in our production instance. Keeping the member alive in the group, still revoking his itil access.

Please provide the script that you are using?

Hi,

Can we not reduce the number of lines in this code?
Using your code as a source:

var grp_role = new GlideRecord('sys_user_has_role');
// itil role rows of active users whose last login is older than 60 days
grp_role.addEncodedQuery('role=282bf1fac6112285017366cb5f867469^user.last_login_time<javascript:gs.daysAgoStart(60)^user.active=true'); // assuming this is the exact sys id
grp_role.query();
while (grp_role.next()) {
    var name = grp_role.user.getDisplayValue(); // read before the row is deleted
    grp_role.deleteRecord(); // I believe members need not be deleted
    gs.print("deleted users: " + name);
}

In case you also want them to be removed from the group:

var grp_role = new GlideRecord('sys_user_has_role');
grp_role.addEncodedQuery('role=282bf1fac6112285017366cb5f867469^user.last_login_time<javascript:gs.daysAgoStart(60)^user.active=true'); // assuming this is the exact sys id
grp_role.query();
while (grp_role.next()) {
    // sys_user_has_role has no group field; the granting group is in granted_by (empty for direct grants)
    var gr_mem = new GlideRecord('sys_user_grmember');
    gr_mem.addQuery('group', grp_role.granted_by);
    gr_mem.addQuery('user', grp_role.user); // only this user's membership, not any member of the group
    gr_mem.query();
    if (gr_mem.next()) {
        var name = gr_mem.user.getDisplayValue(); // read before the row is deleted
        gr_mem.deleteRecord();
        gs.print("deleted users: " + name);
    }
}
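
The original question also asks for a row count before anything is removed, which none of the posted scripts produce. The following is an added example, not code from any poster in this thread: a read-only dry run with GlideAggregate that counts direct itil grants and memberships in itil-granting groups, using the same inactive-user filter. The function names are hypothetical, the role sys_id is the one quoted in the thread, the `inherited` field on sys_user_has_role is assumed to separate direct from group-inherited grants, and the Glide classes are passed in as parameters so the logic can be exercised off-instance.

```javascript
// Added example (not from the thread): dry-run counts only, nothing is deleted.
// ITIL_ROLE is the sys_id quoted in the posts above; verify it on your instance.
var ITIL_ROLE = '282bf1fac6112285017366cb5f867469';
// Same inactivity filter the thread uses, dot-walked through the user reference.
var STALE = 'user.active=true^user.last_login_time<javascript:gs.daysAgoStart(60)';

// Run one COUNT aggregate against `table` with an encoded query.
function countRows(Agg, table, encodedQuery) {
    var ga = new Agg(table);
    ga.addEncodedQuery(encodedQuery);
    ga.addAggregate('COUNT');
    ga.query();
    return ga.next() ? parseInt(ga.getAggregate('COUNT'), 10) : 0;
}

// sys_ids of every group that grants the role (sys_group_has_role).
function groupsGrantingRole(Rec, roleId) {
    var ids = [];
    var gr = new Rec('sys_group_has_role');
    gr.addQuery('role', roleId);
    gr.query();
    while (gr.next()) {
        ids.push(gr.getValue('group'));
    }
    return ids;
}

// Returns the two numbers to reconcile before any deleteRecord() is run.
function staleItilCounts(Rec, Agg, roleId) {
    var groups = groupsGrantingRole(Rec, roleId);
    return {
        // role rows granted directly to the user (assumed: inherited=false)
        directGrants: countRows(Agg, 'sys_user_has_role',
            'role=' + roleId + '^inherited=false^' + STALE),
        // memberships (rows, not distinct users) in role-granting groups
        groupMemberships: groups.length === 0 ? 0 :
            countRows(Agg, 'sys_user_grmember', 'groupIN' + groups.join(',') + '^' + STALE)
    };
}

// In Scripts - Background the Glide classes exist; anywhere else this part is skipped.
if (typeof GlideRecord !== 'undefined' && typeof GlideAggregate !== 'undefined') {
    var counts = staleItilCounts(GlideRecord, GlideAggregate, ITIL_ROLE);
    gs.print('direct itil grants to revoke: ' + counts.directGrants);
    gs.print('group memberships to remove: ' + counts.groupMemberships);
}
```

The `<` comparison does not match users whose last_login_time is empty, so accounts that have never logged in are not included in either count.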