script to scan ACL with empty conditions, script and roles

harikcm
Giga Contributor

Hello Community,

I need a background script to query the ACLs which don't have any condition, script or roles.

I got my script working for conditions and script, but for the roles part I'm unable to find a way.

Has anyone done this already?

1 ACCEPTED SOLUTION

AnveshKumar M
Tera Sage

Hello @harikcm

ACL script and conditions are defined in the ACL record (sys_security_acl table) itself, but the roles are defined in a separate table called sys_security_acl_role. To query ACLs with all 3 checks empty, you can use the following script.

var aclGr = new GlideRecord("sys_security_acl");
aclGr.addEncodedQuery("scriptISEMPTY^conditionISEMPTY"); // Script and Condition are empty
aclGr.addActiveQuery(); // active ACLs only
aclGr.query();
while (aclGr._next()) {
   // Roles are stored in sys_security_acl_role, linked by the sys_security_acl field
   var aclRoleGr = new GlideRecord("sys_security_acl_role");
   aclRoleGr.addQuery("sys_security_acl", aclGr.getUniqueValue());
   aclRoleGr.query();
   if (!aclRoleGr._next()) {
      // No role rows for this ACL: script, condition and roles are all empty
      gs.print(aclGr.getUniqueValue());
   }
}

Please mark my answer helpful and accept as solution if it helped you 👍

Thanks,
Anvesh
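
The same check done with one pass over sys_security_acl_role instead of a role query per ACL, returning the rule name and operation as well; this is an added example, not part of the original post. findOpenAcls, StubGlideRecord and SAMPLE are hypothetical names, and the stub and its rows are constructed so the logic can run outside an instance.

```javascript
// Added example (not from the thread): set-based variant of the check.
function findOpenAcls(GR) {
  // Pass 1: one scan of the role table; remember every ACL that has a role row.
  var hasRole = {};
  var roleGr = new GR("sys_security_acl_role");
  roleGr.query();
  while (roleGr._next()) {
    hasRole[roleGr.getValue("sys_security_acl")] = true;
  }
  // Pass 2: active ACLs with empty script and condition, minus those with roles.
  var open = [];
  var aclGr = new GR("sys_security_acl");
  aclGr.addEncodedQuery("scriptISEMPTY^conditionISEMPTY");
  aclGr.addActiveQuery();
  aclGr.query();
  while (aclGr._next()) {
    var id = aclGr.getUniqueValue();
    if (!hasRole[id]) {
      open.push({ sys_id: id, name: aclGr.getValue("name"), operation: aclGr.getDisplayValue("operation") });
    }
  }
  return open;
}

// Constructed sample rows and a minimal in-memory stand-in for GlideRecord
// (hypothetical, only the calls used above) so the logic runs off-instance.
var SAMPLE = {
  sys_security_acl: [
    { sys_id: "a1", name: "incident", operation: "read", active: "true", script: "", condition: "" },
    { sys_id: "a2", name: "incident.number", operation: "write", active: "true", script: "", condition: "" },
    { sys_id: "a3", name: "task", operation: "read", active: "true", script: "answer = true;", condition: "" },
    { sys_id: "a4", name: "cmdb_ci", operation: "delete", active: "false", script: "", condition: "" }
  ],
  sys_security_acl_role: [{ sys_id: "r1", sys_security_acl: "a2", sys_user_role: "itil" }]
};
function StubGlideRecord(table) { this.rows = SAMPLE[table].slice(); this.i = -1; this.filters = []; }
var P = StubGlideRecord.prototype;
P.addEncodedQuery = function (q) {
  var f = this.filters; // supports only "<field>ISEMPTY" terms joined by "^"
  q.split("^").forEach(function (t) { f.push(function (r) { return r[t.replace("ISEMPTY", "")] === ""; }); });
};
P.addActiveQuery = function () { this.filters.push(function (r) { return r.active === "true"; }); };
P.query = function () {
  var f = this.filters;
  this.rows = this.rows.filter(function (r) { return f.every(function (p) { return p(r); }); });
};
P.getValue = P.getDisplayValue = function (n) { return this.rows[this.i][n]; };
P.getUniqueValue = function () { return this.rows[this.i].sys_id; };
P._next = function () { return ++this.i < this.rows.length; };
```

On an instance, drop the stub and call findOpenAcls(GlideRecord) from a background script, printing the result with gs.print(JSON.stringify(...)).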


7 REPLIES

@Harish Bainsla This is also giving me ACL with script and conditions not empty.

@AnveshKumar M Thanks! It worked exactly.