script to scan ACL with empty conditions, script and roles

harikcm · ‎11-03-2023

Hello Community,

I need a background script to query the ACLs which doesn't have any condition, script or Roles.

I got my script working for Conditions and Script but roles part I'm unable to find a way.

Did anyone did this already?

AnveshKumar M · ‎11-03-2023

ACL script and conditions are defined in the ACL record (sys_security_acl table) itself but the roles are defined in separate table called sys_security_acl_role. To query all 3 empty checks ACLs, you can use the following script.

var aclGr = new GlideRecord("sys_security_acl");

aclGr.addEncodedQuery("scriptISEMPTY^conditionISEMPTY"); //Script and Condition is empty

aclGr.addActiveQuery();

aclGr.query();

while(aclGr._next()){

aclRoleGr = new GlideRecord("sys_security_acl_role");

aclRoleGr.addQuery("sys_security_acl", aclGr.sys_id);

aclRoleGr.query();

if(!aclRoleGr._next()){

gs.print(aclGr.sys_id);

}

Please mark my answer helpful and accept as solution if it helped you 👍✅

Thanks,
Anvesh

View solution in original post

harikcm · ‎11-03-2023

@Harish Bainsla This is also giving me ACL with script and conditions not empty.

AnveshKumar M · ‎11-03-2023

Hello @harikcm