script to scan ACL with empty conditions, script and roles

harikcm
Giga Contributor

Hello Community,

I need a background script to query the ACLs which don't have any condition, script or roles.

I got my script working for conditions and script, but for the roles part I'm unable to find a way.

Has anyone done this already?

1 ACCEPTED SOLUTION

AnveshKumar M
Tera Sage

Hello @harikcm

The ACL script and conditions are defined in the ACL record (sys_security_acl table) itself, but the roles are defined in a separate table called sys_security_acl_role. To query ACLs where all 3 checks are empty, you can use the following script.

var aclGr = new GlideRecord("sys_security_acl");
aclGr.addEncodedQuery("scriptISEMPTY^conditionISEMPTY"); // Script and condition are empty
aclGr.addActiveQuery();
aclGr.query();

while (aclGr._next()) {
   // Roles live in a separate table, so look for role links to this ACL
   var aclRoleGr = new GlideRecord("sys_security_acl_role");
   aclRoleGr.addQuery("sys_security_acl", aclGr.sys_id);
   aclRoleGr.query();
   if (!aclRoleGr._next()) {
      // No role link found: this ACL has no script, condition or role
      gs.print(aclGr.sys_id);
   }
}

Please mark my answer helpful and accept as solution if it helped you 👍

Thanks,
Anvesh
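The lookup above issues one sys_security_acl_role query per ACL. As an added example (not code from any poster in this thread), the same check can be done with a single read of each table and an in-memory comparison; the function names and SAMPLE_* rows are constructed for illustration, and counting whitespace-only fields as empty is an assumption of this example.

```javascript
// Added example. Tables/fields are those named in the posts; names and SAMPLE_* rows are constructed.
var SAMPLE_ACLS = [
    { sys_id: "a1", name: "incident", operation: "read", condition: "", script: "" },
    { sys_id: "a2", name: "x_demo_table", operation: "write", condition: null, script: "  \n" },
    { sys_id: "a3", name: "x_demo_table.field", operation: "read", condition: "active=true", script: null },
    { sys_id: "a4", name: "x_demo_other", operation: "delete", condition: "", script: "answer = true;" }
];
var SAMPLE_ACL_ROLES = [{ sys_security_acl: "a1" }]; // only a1 has a role link

// Assumption: a whitespace-only field counts as empty (ISEMPTY would not match it).
function isBlank(value) {
    return value === null || value === undefined || !/\S/.test(String(value));
}

// aclRows: active sys_security_acl rows; roleRows: sys_security_acl_role rows.
function findUnrestrictedAcls(aclRows, roleRows) {
    var hasRole = Object.create(null);
    for (var i = 0; i < roleRows.length; i++) {
        hasRole[roleRows[i].sys_security_acl] = true; // single pass over role links
    }
    return aclRows.filter(function (acl) {
        return !hasRole[acl.sys_id] && isBlank(acl.condition) && isBlank(acl.script);
    });
}

// Reads a whole table once into plain objects (ServiceNow server side only).
function readTable(table, fields, activeOnly) {
    var rows = [], gr = new GlideRecord(table);
    if (activeOnly) { gr.addActiveQuery(); }
    gr.query();
    while (gr.next()) {
        var row = { sys_id: gr.getUniqueValue() };
        for (var k = 0; k < fields.length; k++) { row[fields[k]] = gr.getValue(fields[k]); }
        rows.push(row);
    }
    return rows;
}

// On an instance, read the real tables; anywhere else, fall back to the sample rows.
var onInstance = typeof GlideRecord !== "undefined";
var findings = onInstance
    ? findUnrestrictedAcls(readTable("sys_security_acl", ["name", "operation", "condition", "script"], true),
                           readTable("sys_security_acl_role", ["sys_security_acl"], false))
    : findUnrestrictedAcls(SAMPLE_ACLS, SAMPLE_ACL_ROLES);
for (var n = 0; n < findings.length; n++) {
    var line = findings[n].sys_id + " " + findings[n].name + " " + findings[n].operation;
    if (onInstance) { gs.print(line); } else { console.log(line); }
}
```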

7 REPLIES

Marco0o1
Tera Sage

Hi @harikcm:

Use this script. I run it in BG and it takes some time to run:

var aclGR = new GlideRecord("sys_security_acl");
aclGR.addActiveQuery();
aclGR.query();

while(aclGR.next()){

    var aclRolesGR = new GlideRecord("sys_security_acl_role");
    aclRolesGR.addQuery("sys_security_acl", aclGR.getUniqueValue());
    aclRolesGR.query();
    if(!aclRolesGR.next()){
        // This ACL doesn't have an assigned role
        gs.print("The ACL: " + aclGR.name + " " + aclGR.operation + " dont have role assigned");
    }

}

I can't run it in my dev instance because I have the CSM plugin that fills in at least 1 role "snc_internal or snc_external" on the ACLs. But that should work for you.

Hope that helps you.

harikcm
Giga Contributor

@Marco0o1 This gave me ACLs with script and conditions not empty. Thanks for the response.

Harish Bainsla
Kilo Patron

Try this

var aclGR = new GlideRecord("sys_security_acl");
aclGR.addActiveQuery();
aclGR.query();

while (aclGR.next()) {
    var hasRole = hasRoles(aclGR);
    var hasCondition = !gs.nil(aclGR.condition);
    var hasScript = !gs.nil(aclGR.script);

    if (!hasRole && !hasCondition && !hasScript) {
        gs.print("The ACL: " + aclGR.name + " " + aclGR.operation + " doesn't have roles, condition, or script assigned.");
    }
}

function hasRoles(acl) {
    var aclRolesGR = new GlideRecord("sys_security_acl_role");
    aclRolesGR.addQuery("sys_security_acl", acl.getUniqueValue());
    aclRolesGR.query();
    return aclRolesGR.hasNext();
}
