Hello, I have an interesting situation, right now a user is submitting access to change their group, their current group is prepopulated and can select a different group in a different select box and submit for access. once it gets to a certain point in the workflow, I have a script going creating tasks based on how many roles, if a role is contained in the NEW Group don't create a task, I have this working from code listed below. The problem I am having is to create tasks to remove access for the roles the "Current/Old" Group that aren't in the "New Group". So basically, whatever group that I have currently is going away and need to create tasks for the roles that I am losing, if they aren't in the new group. 

Code below is Querying the groups, roles, based on what user has and making tasks for Roles that the user does not have. 

grGroupRoles = new GlideRecord('sys_group_has_role');

grGroupRoles.addQuery('group', current.variables.role); //variable from catalog item of second/new group

grGroupRoles.query();

var missingRoles = []; //contains sys_id of missing roles

while (grGroupRoles.next()) {

    var grUserRole = new GlideRecord('sys_user_has_role');

    grUserRole.addQuery('user', current.variables.requested_for); //

    grUserRole.addQuery('role', grGroupRoles.getValue('role'));

    // grUserRole.setLimit(3);

    grUserRole.query();

    if (!grUserRole.hasNext()) {

        //missingRoles.push(grGroupRoles.getValue('roles'));

        var task = new GlideRecord("sc_task");

        task.initialize();

        var desc = '';

        task.setValue('request_item', current.getValue('sys_id'));

        task.short_description = 'Account Creator Review & Sign';

        task.requested_for = 'requested_for';

        task.approval = 'requested';

        task.assignment_group = '9c65f81c1b366c1091c5a820f54bcb2a';

        task.sc_catalog = 'SAAR';

        task.u_task_subtype = 'account_creator';

        task.insert();

    }

Any tips are helpful