Script to Check if User is in one of the Admin Groups or Has Admin role

saggi
Tera Contributor

Hi All,

I am trying to write code in a script include to check whether a user has an admin role or is a member of one of the admin groups.

This is not working

Below is the script I have written so far.

/////////////////////////// to check if user has admin role or not

var userID = this.getParameter('sysparm_userID');
var gaAdmin = new GlideRecord('sys_user_has_role');
gaAdmin.addEncodedQuery('role.name=security_admin^ORrole.name=admin^user.sys_id='+userID);
gaAdmin.query();
if (gaAdmin.next()) {
    return true;
}
else {
    return false;
}

///////////////////////////// to check if user is in Admin group

var grpsArray = [];
var gr = new GlideRecord('sys_group_has_role');
gr.addEncodedQuery('role.name=admin^ORrole.name=security_admin');

gr.query();
while (gr.next()) {
    grpsArray.push(gr.group.toString());
}
// return grpsArray;

for(var y=0; y < grpsArray.length; y++){

    var isMember = gs.getUser().getUserByID('userID').isMemberOf(grpsArray[y]);

    if (isMember)
    { return true;
    break;
    }

 

14 REPLIES

Mark Roethof
Tera Patron

Hi there,

Feels like this can be done way easier. Though... where will you be using the code? Can you describe the usage?

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020, 2021 ServiceNow Community MVP
2020, 2021 ServiceNow Developer MVP

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP


saggi
Tera Contributor

I am doing an AJAX call to display some message from a client script, so this code would be in a client-callable script include.

If the user has an admin role it would display some message, and if the user is in an admin group it would display some other message.

The admin group, does that contain the admin role? If so, it feels a bit double to check admin role + admin group?

For Client Side usage, you can use g_user.hasRole(), so there's no need to use a Script Include here. Also reading your case, you could also just use scratchpad with a business rule.

Kind regards,
Mark

Hi @saggy 

I agree with @Mark Roethof that you can make your implementation simpler using g_scratchpad.

However, if you want to go with your approach then update your scripts like this and try and let us know the results:

// use this in script include function

var userID = this.getParameter('sysparm_userID');
var now_GR = new GlideRecord("sys_user_has_role");
// sys_user_has_role links a user to a role: filter on its user field, not on the row's own sys_id
now_GR.addQuery('user', userID);
now_GR.addEncodedQuery('role.name=admin');
now_GR.query();
if (now_GR.next()) {
    if (now_GR.role.name == 'admin') {
        // inherited rows are reported as group-granted, non-inherited rows as a direct role
        if (now_GR.inherited == true) {
            return 'adminByGroup';
        } else {
            return 'adminByRole';
        }
    }
}
return 'noAdminRole';



// Update in client script like this

var answer = response.responseXML.documentElement.getAttribute("answer");
if (answer == 'adminByGroup') {
    // put msg for group role
} else if (answer == 'adminByRole') {
    // put msg for admin role
} else {
    // put msg for no role
}
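
The server-side check from the reply above, as an added example that is not part of the original thread: it scans every matching sys_user_has_role row instead of only the first, because a user can hold an admin role both directly and through a group. `classifyAdmin`, `adminStatusFor`, `ADMIN_ROLES`, the rule that a direct grant wins, and the sample rows are assumptions made for this example.

```javascript
// Added example (not from the thread). Role names are the two the question checks.
var ADMIN_ROLES = ['admin', 'security_admin'];

// Constructed sample: the user holds admin both directly and through a group.
var SAMPLE_ROWS = [
    { role: 'itil', inherited: false },
    { role: 'admin', inherited: true },
    { role: 'admin', inherited: false }
];

// rows: array of { role: String, inherited: Boolean } taken from sys_user_has_role.
// Returns the same three answers the client script in the reply expects.
function classifyAdmin(rows) {
    var direct = false;
    var viaGroup = false;
    rows.forEach(function (r) {
        if (ADMIN_ROLES.indexOf(r.role) === -1) return; // ignore non-admin roles
        if (r.inherited) viaGroup = true; else direct = true;
    });
    if (direct) return 'adminByRole';    // assumption: a direct grant wins when both exist
    if (viaGroup) return 'adminByGroup'; // following the reply: inherited means group-granted
    return 'noAdminRole';
}

// Server-side wrapper for the Script Include method (needs the ServiceNow runtime).
// sysparm_userID arrives from the browser, so a client-callable method answers for
// whatever sys_id the caller submits; restrict the method if that matters.
function adminStatusFor(userID) {
    var rows = [];
    var gr = new GlideRecord('sys_user_has_role');
    gr.addQuery('user', userID);
    gr.addQuery('role.name', 'IN', ADMIN_ROLES.join(','));
    gr.query();
    while (gr.next()) {
        rows.push({ role: gr.role.name.toString(), inherited: gr.inherited == true });
    }
    return classifyAdmin(rows);
}
```
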

We have some custom script (built earlier) that removes the roles and not the groups for the user record.

Both of these are valid scenarios, which is why I have to check both.