Revoke the admin access from user through scheduled job when the provided time ends
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2023 05:43 AM
Revoke the admin access from user through scheduled job when the provided time ends but If user has raised multiple request in that case remove only one access whose end date ends first and don't remove for them whose end date is future date.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2023 05:57 AM
Hi Sakshi,
I can provide code to write schedule job to revoke admin access. but the time comparison must be done by you.
Because, I have no idea where and how the time stamps are stored, if it is a RITM what are the variable names etc.
There are different ways to create and configure scheduled jobs in ServiceNow, but one of the simplest methods is to use the Scheduled Script Execution module. This module allows you to write a script that can perform any action on the platform, such as updating a user record or a role assignment. You can also specify the schedule, frequency, and conditions for running the script.
To remove admin access from a user using a scheduled job, you can follow these steps:
- Navigate to System Definition > Scheduled Script Execution.
- Click New to create a new scheduled job.
- Give the job a Name, such as “Remove Admin Access”.
- In the Run field, select Script.
- In the Script field, write the code that will remove admin access from the user. For example, you can use the following code snippet to remove the admin role from a user with the email address “user@example.com”:
// Get the user record by email
var user = new GlideRecord('sys_user');
user.addQuery('email', 'user@example.com');
user.query();
// Check if the user exists
if (user.next()) {
// Get the role assignment record by user and role
var role = new GlideRecord('sys_user_has_role');
role.addQuery('user', user.sys_id);
role.addQuery('role.name', 'admin');
role.query();
// Check if the role assignment exists
if (role.next()) {
// Delete the role assignment
role.deleteRecord();
}
}- In the Schedule field, select or create a schedule that defines when and how often the job will run. For example, you can select “Daily” to run the job every day at a specific time.
- In the Condition field, you can optionally add a condition that determines whether the job will run or not. For example, you can add a condition that checks if the user is still active or not.
- Click Submit to save the job.
The scheduled job will now run according to the schedule and condition you specified, and remove admin access from the user if applicable.
I hope this helps you with your query.
Kind Regards,
Swarnadeep Nandy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2023 02:05 AM
Hi @SwarnadeepNandy ,
I have written one scheduled job which is written on sc_req_item table which is running daily by 12 PM EST to revoke the access from user but what is happening it is removing all the admin access of user even though the end date is different date .
i.e it is just revoking the access without checking the user has raised multiple request or not.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2023 02:25 AM
Hi Sakshi,
Can you please provide the script, I think you were doing something wrong in the script.
Kind Regards,
Swarnadeep Nandy
