Script to add users in a group

Go to solution
palmen
Tera Guru

‎06-24-2015 07:29 AM

I have a requirement as follows.

All users who are responsible for a system (u_cmdb_ci_service_system) should belong to the group "ServiceNow - System Responsible".

If you are removed as system responsible you should no longer belong to the group.

If you are added as system responsible for a system you should be added to the group (unless you already are a member, same user can be responsible for more then 1 system).

What is the best solution for this? Create a Business Rule when you change the field System Responsible (u_system_responsible) or have a scheduled script that runs every night?

I started with the scheduled script and it's working fine. Only thing I'm a bit worried about is if you delete/comment row 3 in the script, all users will lose their groups. Since we assign roles by groups they would also lose all their roles which is a very bad thing.

This is my scheduled script

//Remove all users in group ServiceNow - System Responsible


var remove= new GlideRecord('sys_user_grmember');


remove.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible


remove.query();


while(remove.next()){


   remove.deleteRecord();


}




//Add System Responsible to group "ServiceNow - System Responsible"


var system;


var group;


var user;




//Query all users at Company X


user = new GlideRecord('sys_user');


user.addQuery('company', '=', '7c401d5d15d66c40b84c3a16586bdce9'); //Company X


user.query();


while (user.next()) {


   //Query all active systems where user is system responsible


   system = new GlideRecord('u_cmdb_ci_service_system');


   system.addQuery('install_status', '=', '101'); //101 = Active


   system.addQuery('u_system_responsible', '=', user.sys_id);


   system.query();


   if(system.next()) {


       //Create a new group relationship record for this user


       group = new GlideRecord('sys_user_grmember');


       group.initialize();


       group.user = user.sys_id;


       group.group.setDisplayValue('ServiceNow - System Responsible');


       group.insert();


   }


}

Any thoughts about best practice?

Or is there some way to modify my scheduled script to not risk removing all group relations for all users?

Labels:
0 Helpfuls
  • 7,702 Views
1 ACCEPTED SOLUTION

Go to solution
palmen
Tera Guru
In response to palmen

‎07-08-2015 07:42 AM

These are the 2 scripts we use.


Business rule to add members and a scheduled script to remove users from the group.



BUSINESS RULE


Table: System [u_cmdb_ci_service_system]


Insert: True


Update: True


When: After


Filter Condition: "System responsible" changes


Script


//Get the new System Responsible



var user = current.u_system_responsible.sys_id;









//Create a new group relationship record for this user   



var rec1 = new GlideRecord('sys_user_grmember');   



rec1.initialize();   



rec1.user = user;   



rec1.group.setDisplayValue('ServiceNow - System Responsible');   



rec1.insert();



SCHEDULED SCRIPT


Run: Daily


Time: Hours 00:10:00


Script


var users = new GlideRecord('sys_user_grmember');     



users.addQuery('group','4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible     



users.query();     



while(users.next()){     



       if (! isResponsibleForSystem(users)) {     



               users.deleteRecord();   



       }         



}     



   



function isResponsibleForSystem(user) {     



       system = new GlideRecord('u_cmdb_ci_service_system');     



       system.addQuery('install_status', '=', '101'); //101 = Active     



       system.addQuery('u_system_responsible', user.user.sys_id);     



       system.query();     



       return system.hasNext();     



}    

View solution in original post

0 Helpfuls
14 REPLIES 14

Go to solution
Uncle Rob
Kilo Patron

‎06-24-2015 07:53 AM

I don't see any problem with doing that for each transaction.   Scheduling it for scripted execution doesn't really win you anything.   In the time between adding/removing someone from the responsible list for a CI, that CI could have an issue, and then I'm assuming your notifications / workflows will be targeting inappropriate users.


0 Helpfuls

Go to solution
edwin_munoz
Mega Guru

‎06-24-2015 08:36 AM

Hello Frederik,



Instead of removing all the members from the group each day you can do something like this: (This will remove everyone that is not responsible for a system anymore)



var users = new GlideRecord('sys_user_grmember');



users.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible



users.query();



while(users.next()){



       if (! isResponsibleForSystem(users)) {



               remove.deleteRecord();



       }






}









function isResponsibleForSystem(user) {



       system = new GlideRecord('u_cmdb_ci_service_system');



       system.addQuery('install_status', '=', '101'); //101 = Active



       system.addQuery('u_system_responsible', '=', user.sys_id);



       system.query();



       return system.hasNext();



}


Use the same code that you have for adding users to the group.



You can also create two business rules that   should run on the service system table , one to add user to the group and one to delete the user from the group.



I think you will get the idea.



Thanks!


0 Helpfuls

Go to solution
palmen
Tera Guru
In response to edwin_munoz

‎07-08-2015 07:08 AM

I've decided to do 1 business rule to add users to the group when System Responsible Changes.


The Business Rule is working fine, but I need to a scheduled script to run every night to remove users from the group "ServiceNow - System Responsible" if they aren't assigned as System Responsible for any system.



I've been trying to work on this scheduled script now but can't get it to work.


It still removes all users from the group "ServiceNow - System Responsible", even if they are assigned as System Responsible for a system.


I've been trying to use the script posted above by Edwin Munoz but it's not working and I've tried to change it to get it to work but no luck.



This is what I've got at the moment


var rem = new GlideRecord('sys_user_grmember');



rem.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible



rem.query();



while(rem.next()){



   if (! isResponsibleForSystem(user)) {



       rem.deleteRecord();



   }



}









function isResponsibleForSystem(user) {



   user = new GlideRecord('sys_user');



   user.addQuery('company', '=', '7c401d5d15d66c40b84c3a16586bdce9'); //Company X



   user.query();



   while (user.next()) {



       var system = new GlideRecord('u_cmdb_ci_service_system');



       system.addQuery('install_status', '=', '101'); //101 = Active



       system.addQuery('u_system_responsible', '=', user.sys_id);



       system.query();



       return system.hasNext();



   } 



}


Any help would be appreciated.


0 Helpfuls

Go to solution
palmen
Tera Guru

‎07-08-2015 07:12 AM

This is the Business Rule we'll use to add users to the group "ServiceNow - System Responsible" if a system responsible changes for a system.



Table: System [u_cmdb_ci_service_system]


Insert: True


Update: True


When: After


Filter Condition: "System responsible" changes


Script


//Get the new System Responsible



var user = current.u_system_responsible.sys_id;









//Create a new group relationship record for this user 



var rec1 = new GlideRecord('sys_user_grmember'); 



rec1.initialize(); 



rec1.user = user; 



rec1.group.setDisplayValue('ServiceNow - System Responsible'); 



rec1.insert();
0 Helpfuls