Script to add users in a group

palmen
Tera Guru

I have a requirement as follows.

All users who are responsible for a system (u_cmdb_ci_service_system) should belong to the group "ServiceNow - System Responsible".

If you are removed as system responsible you should no longer belong to the group.

If you are added as system responsible for a system you should be added to the group (unless you already are a member, same user can be responsible for more then 1 system).

What is the best solution for this? Create a Business Rule when you change the field System Responsible (u_system_responsible) or have a scheduled script that runs every night?

I started with the scheduled script and it's working fine. Only thing I'm a bit worried about is if you delete/comment row 3 in the script, all users will lose their groups. Since we assign roles by groups they would also lose all their roles which is a very bad thing.

This is my scheduled script

//Remove all users in group ServiceNow - System Responsible

var remove= new GlideRecord('sys_user_grmember');

remove.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible

remove.query();

while(remove.next()){

  remove.deleteRecord();

}

//Add System Responsible to group "ServiceNow - System Responsible"

var system;

var group;

var user;

//Query all users at Company X

user = new GlideRecord('sys_user');

user.addQuery('company', '=', '7c401d5d15d66c40b84c3a16586bdce9'); //Company X

user.query();

while (user.next()) {

  //Query all active systems where user is system responsible

  system = new GlideRecord('u_cmdb_ci_service_system');

  system.addQuery('install_status', '=', '101'); //101 = Active

  system.addQuery('u_system_responsible', '=', user.sys_id);

  system.query();

  if(system.next()) {

      //Create a new group relationship record for this user

      group = new GlideRecord('sys_user_grmember');

      group.initialize();

      group.user = user.sys_id;

      group.group.setDisplayValue('ServiceNow - System Responsible');

      group.insert();

  }

}

Any thoughts about best practice?

Or is there some way to modify my scheduled script to not risk removing all group relations for all users?

1 ACCEPTED SOLUTION

These are the 2 scripts we use.


Business rule to add members and a scheduled script to remove users from the group.



BUSINESS RULE


Table: System [u_cmdb_ci_service_system]


Insert: True


Update: True


When: After


Filter Condition: "System responsible" changes


Script


//Get the new System Responsible


var user = current.u_system_responsible.sys_id;




//Create a new group relationship record for this user  


var rec1 = new GlideRecord('sys_user_grmember');  


rec1.initialize();  


rec1.user = user;  


rec1.group.setDisplayValue('ServiceNow - System Responsible');  


rec1.insert();




SCHEDULED SCRIPT


Run: Daily


Time: Hours 00:10:00


Script


var users = new GlideRecord('sys_user_grmember');    


users.addQuery('group','4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible    


users.query();    


while(users.next()){    


      if (! isResponsibleForSystem(users)) {    


              users.deleteRecord();  


      }        


}    


 


function isResponsibleForSystem(user) {    


      system = new GlideRecord('u_cmdb_ci_service_system');    


      system.addQuery('install_status', '=', '101'); //101 = Active    


      system.addQuery('u_system_responsible', user.user.sys_id);    


      system.query();    


      return system.hasNext();    


}    


View solution in original post

14 REPLIES 14

Uncle Rob
Kilo Patron

I don't see any problem with doing that for each transaction.   Scheduling it for scripted execution doesn't really win you anything.   In the time between adding/removing someone from the responsible list for a CI, that CI could have an issue, and then I'm assuming your notifications / workflows will be targeting inappropriate users.


edwin_munoz
Mega Guru

Hello Frederik,



Instead of removing all the members from the group each day you can do something like this: (This will remove everyone that is not responsible for a system anymore)



var users = new GlideRecord('sys_user_grmember');


users.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible


users.query();


while(users.next()){


      if (! isResponsibleForSystem(users)) {


              remove.deleteRecord();


      }



}




function isResponsibleForSystem(user) {


      system = new GlideRecord('u_cmdb_ci_service_system');


      system.addQuery('install_status', '=', '101'); //101 = Active


      system.addQuery('u_system_responsible', '=', user.sys_id);


      system.query();


      return system.hasNext();


}



Use the same code that you have for adding users to the group.



You can also create two business rules that   should run on the service system table , one to add user to the group and one to delete the user from the group.



I think you will get the idea.



Thanks!


I've decided to do 1 business rule to add users to the group when System Responsible Changes.


The Business Rule is working fine, but I need to a scheduled script to run every night to remove users from the group "ServiceNow - System Responsible" if they aren't assigned as System Responsible for any system.



I've been trying to work on this scheduled script now but can't get it to work.


It still removes all users from the group "ServiceNow - System Responsible", even if they are assigned as System Responsible for a system.


I've been trying to use the script posted above by Edwin Munoz but it's not working and I've tried to change it to get it to work but no luck.



This is what I've got at the moment


var rem = new GlideRecord('sys_user_grmember');


rem.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible


rem.query();


while(rem.next()){


  if (! isResponsibleForSystem(user)) {


      rem.deleteRecord();


  }


}




function isResponsibleForSystem(user) {


  user = new GlideRecord('sys_user');


  user.addQuery('company', '=', '7c401d5d15d66c40b84c3a16586bdce9'); //Company X


  user.query();


  while (user.next()) {


      var system = new GlideRecord('u_cmdb_ci_service_system');


      system.addQuery('install_status', '=', '101'); //101 = Active


      system.addQuery('u_system_responsible', '=', user.sys_id);


      system.query();


      return system.hasNext();


  }


}



Any help would be appreciated.


palmen
Tera Guru

This is the Business Rule we'll use to add users to the group "ServiceNow - System Responsible" if a system responsible changes for a system.



Table: System [u_cmdb_ci_service_system]


Insert: True


Update: True


When: After


Filter Condition: "System responsible" changes


Script


//Get the new System Responsible


var user = current.u_system_responsible.sys_id;




//Create a new group relationship record for this user


var rec1 = new GlideRecord('sys_user_grmember');


rec1.initialize();


rec1.user = user;


rec1.group.setDisplayValue('ServiceNow - System Responsible');


rec1.insert();