Update users when removed from group

LRobinson
Giga Contributor

I need to update the user notification field based on the users removal from a specific group.   I have considered a script to run on schedule that checks all users and determines whether or not they are a member of the group.   I have also considered the possibility of a 'script action' to determine if the LDAP Group import Event removes a user from the group and updates the user record.   Can anyone help me with a script to perform this function?  

This is a version of something   I've tried as a Business Rule on all sys_users, but it is not working:

 

Table: sys_user

When: after

 

updateNotification(current.user);

function updateNotification() {

  var gr = new GlideRecord('sys_user');

  gr.addQuery('sys_id','=',userSysID);

  gr.query();

  while (gr.next()) {

 

  //Now see if they are a member of the group

  var grpMbr = new GlideRecord('sys_user_grmember');

  grpMbr.addQuery('name', 'Notification Disabled');

  grpMbr.query();

  if (grpMbr.next()) {

  gr.notification = 1;

  gr.update();

  } else {

  gr.notification = 2;

  gr.update();

  }

  }

}

1 ACCEPTED SOLUTION

Hi, I made a generic function (member()) to check group membership.   It takes a user sys id and a group name and returns true if they are in the group, false if they are not.   It is tested/working in my instance.



This is meant to be used as a scheduled job, not a BR.   You may have to change line 3 so it makes sense for your instance.



//Scheduled Job/Script:


var gr = new GlideRecord('sys_user');


      gr.addQuery('notification', '1');//querying all notification disabled users


      gr.query();


      while(gr.next()) {


          //iterating through disabled users, checking group membership:


          if( !member(gr.sys_id, 'Notification Disabled') ) {


          //if user is NOT a member of Notification Disabled:


              gr.notification = 2; //notification enabled


              gr.update();


          }


      }



function member(user_sys_id, group) {


          var group_check = new GlideRecord('sys_user_grmember');


                  group_check.addQuery('group.name', group);


                  group_check.addQuery('user', user_sys_id);


                  group_check.query();


                  if(group_check.next()) {


                      return true;


                  }else{


                      return false;


                  }


      }


View solution in original post

16 REPLIES 16

Hi, Thank you for your help!   I tried these on the sys_user_grmember table.


Your first suggestion disabled added users, but did not re-enable removed users.  


This version produced this error for each user removed:


Error running business rule 'Notification Update' on sys_user_grmember:73cb47906f742dc052d4e6c16e3ee427, exception: org.mozilla.javascript.EvaluatorException: The undefined value has no properties. (sys_script.820d0a106ff02dc052d4e6c16e3ee488; line 13)









randrews
Tera Guru

i am a little confused as to why you are running the br on the sys user table... if they get removed from the group than an update is being made on the sys_user_grmember table... why not create a BR on this table that will email the customer on a delete?


I tried that script on sys_user_grmember as well, with no luck.


ok lets back up a little bit to the requirements.. are you intent on updating one update list... or do you just want to send an email to someone anytime they are removed from a group.. no matter why?


Hi Doug,


I am not trying to send an email.   I want to update the notification field on the user record when the LDAP import removes users from the group.   I need to select user records where notification = 1 (disabled), check their group membership, and if they are not in the the group, set notification = 2 (enabled).   I currently have a transform script that sets notification = 1 when users are added to the group and it works fine.



Many thanks for your input!