Script to add users in a group

Go to solution
palmen
Tera Guru

‎06-24-2015 07:29 AM

I have a requirement as follows.

All users who are responsible for a system (u_cmdb_ci_service_system) should belong to the group "ServiceNow - System Responsible".

If you are removed as system responsible you should no longer belong to the group.

If you are added as system responsible for a system you should be added to the group (unless you already are a member, same user can be responsible for more then 1 system).

What is the best solution for this? Create a Business Rule when you change the field System Responsible (u_system_responsible) or have a scheduled script that runs every night?

I started with the scheduled script and it's working fine. Only thing I'm a bit worried about is if you delete/comment row 3 in the script, all users will lose their groups. Since we assign roles by groups they would also lose all their roles which is a very bad thing.

This is my scheduled script

//Remove all users in group ServiceNow - System Responsible


var remove= new GlideRecord('sys_user_grmember');


remove.addQuery('group','=', '4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible


remove.query();


while(remove.next()){


   remove.deleteRecord();


}




//Add System Responsible to group "ServiceNow - System Responsible"


var system;


var group;


var user;




//Query all users at Company X


user = new GlideRecord('sys_user');


user.addQuery('company', '=', '7c401d5d15d66c40b84c3a16586bdce9'); //Company X


user.query();


while (user.next()) {


   //Query all active systems where user is system responsible


   system = new GlideRecord('u_cmdb_ci_service_system');


   system.addQuery('install_status', '=', '101'); //101 = Active


   system.addQuery('u_system_responsible', '=', user.sys_id);


   system.query();


   if(system.next()) {


       //Create a new group relationship record for this user


       group = new GlideRecord('sys_user_grmember');


       group.initialize();


       group.user = user.sys_id;


       group.group.setDisplayValue('ServiceNow - System Responsible');


       group.insert();


   }


}

Any thoughts about best practice?

Or is there some way to modify my scheduled script to not risk removing all group relations for all users?

Labels:
0 Helpfuls
  • 7,714 Views
1 ACCEPTED SOLUTION

Go to solution
palmen
Tera Guru
In response to palmen

‎07-08-2015 07:42 AM

These are the 2 scripts we use.


Business rule to add members and a scheduled script to remove users from the group.



BUSINESS RULE


Table: System [u_cmdb_ci_service_system]


Insert: True


Update: True


When: After


Filter Condition: "System responsible" changes


Script


//Get the new System Responsible



var user = current.u_system_responsible.sys_id;









//Create a new group relationship record for this user   



var rec1 = new GlideRecord('sys_user_grmember');   



rec1.initialize();   



rec1.user = user;   



rec1.group.setDisplayValue('ServiceNow - System Responsible');   



rec1.insert();



SCHEDULED SCRIPT


Run: Daily


Time: Hours 00:10:00


Script


var users = new GlideRecord('sys_user_grmember');     



users.addQuery('group','4fb4d1866f3842006cd79cef8d3ee468'); //ServiceNow - System Responsible     



users.query();     



while(users.next()){     



       if (! isResponsibleForSystem(users)) {     



               users.deleteRecord();   



       }         



}     



   



function isResponsibleForSystem(user) {     



       system = new GlideRecord('u_cmdb_ci_service_system');     



       system.addQuery('install_status', '=', '101'); //101 = Active     



       system.addQuery('u_system_responsible', user.user.sys_id);     



       system.query();     



       return system.hasNext();     



}    

View solution in original post

0 Helpfuls
14 REPLIES 14

Go to solution
palmen
Tera Guru
In response to Kushagra Mehrot

‎11-20-2015 12:33 AM

This is the code we use now, we check if the user already is part of the group before trying to add them.


Maybe it can help you?



function userHasGroup(userID, group) { 

   var uhrRec = new GlideRecord('sys_user_has_role'); 


   uhrRec.addQuery('user', userID); 

   uhrRec.addQuery('granted_by.name', group);   //Name of group that grants the role (ServiceNow - System Responsible)

   uhrRec.query(); 

   return uhrRec.hasNext(); 

}



//Get the new System Responsible

var user = current.u_system_responsible.sys_id;



//Create a new group relationship record for this user

if(!userHasGroup(user, 'ServiceNow - System Responsible')) {

   var rec1 = new GlideRecord('sys_user_grmember');

   rec1.initialize();

   rec1.user = user;

   rec1.group.setDisplayValue('ServiceNow - System Responsible');

   rec1.insert();

}

0 Helpfuls

Go to solution
Michael Bachme1
Kilo Guru
In response to palmen

‎02-29-2016 11:54 AM

I have this.. how do I make sure i don't create duplicate entries? My goal is to run this as a business rule on the sys_user table on insert and update. Thanks in advance.



var usr = new GlideRecord('sys_user');


usr.setLimit(5);


usr.addQuery("location.country", "US");


usr.query();


while(usr.next()) {    




  var gr = new GlideRecord('sys_user_grmember');


  gr.initialize();


  gr.user = usr.sys_id;


  gr.setDisplayValue("group", "US group");


  gr.insert();


  gs.log('Added ' + gr.user + ' to group: ' + gr.getDisplayValue('group'));


  }


0 Helpfuls

Go to solution
Kushagra Mehrot
Kilo Guru
In response to Michael Bachme1

‎02-29-2016 08:36 PM

Try This::



var usr = new GlideRecord('sys_user');


usr.setLimit(5);


usr.addQuery("location.country", "US");


usr.query();


var group = 'US group';


while(usr.next()) {


if(!gs.getUser().getUserByID(usr.sys_id).isMemberOf(group)){



  var gr = new GlideRecord('sys_user_grmember');


  gr.initialize();


gr.setWorkflow(false);


  gr.user = usr.sys_id;


  gr.group.setDisplayValue('US group');


  gr.insert();


  gs.log('Added ' + gr.user + ' to group: ' + gr.getDisplayValue('group'));


  }


}




0 Helpfuls

Go to solution
Michael Bachme1
Kilo Guru
In response to Kushagra Mehrot

‎03-01-2016 06:47 AM

Kushagra:



Unfortunately, it is still adding duplicates.


0 Helpfuls

Go to solution
Nani6
Mega Guru
In response to palmen

‎02-26-2018 03:17 AM

Hi Palmen,

I followed your post and was able to successfully add customers to the group, if they are not part of that group. But the issue comes while removing users, your script is removing all the members of the group.

So i thought of removing all members from the group first and then add the customers to that group. But when the scheduled job is running it is adding only member to that group. I know that first we have to take all the customers into an array and then add them to the group. But i am not sure how to accomplish this?

This is how my code looks like:

//remove all members

var user = new GlideRecord('sys_user_grmember');
user.addQuery('group','077b7cb2875e1100aaf3a2f31a463hdd');
user.query();
while(user.next()){
user.deleteRecord();
}

 

//add members


var catowner = new GlideRecord ('u_customer');
catowner.addQuery('active',true);
catowner.query();
if(catowner.next()){
var owner = catowner.u_owner.sys_id;

if(!isMember(owner, '077b7cb2875e1100aaf3a2f31a463hdd')) {
var grmember = new GlideRecord('sys_user_grmember');
grmember.query();
if(grmember.next()){
grmember.initialize();
grmember.user = owner;
grmember.group = '077b7cb2875e1100aaf3a2f31a463hdd';
grmember.insert();
}

}
}

function isMember(userID, group) {
var hasrole = new GlideRecord('sys_user_has_role');
hasrole.addQuery('user', userID);
hasrole.addQuery('granted_by.name', group);
hasrole.query();
return hasrole.hasNext();
}

 

Any help is greatly appreciable.

Thanks

0 Helpfuls