Update users when removed from group

LRobinson · ‎05-16-2014

I need to update the user notification field based on the users removal from a specific group. I have considered a script to run on schedule that checks all users and determines whether or not they are a member of the group. I have also considered the possibility of a 'script action' to determine if the LDAP Group import Event removes a user from the group and updates the user record. Can anyone help me with a script to perform this function?

This is a version of something I've tried as a Business Rule on all sys_users, but it is not working:

Table: sys_user

When: after

updateNotification(current.user);

function updateNotification() {

var gr = new GlideRecord('sys_user');

gr.addQuery('sys_id','=',userSysID);

gr.query();

while (gr.next()) {

//Now see if they are a member of the group

var grpMbr = new GlideRecord('sys_user_grmember');

grpMbr.addQuery('name', 'Notification Disabled');

grpMbr.query();

if (grpMbr.next()) {

gr.notification = 1;

gr.update();

} else {

gr.notification = 2;

gr.update();

}

justin_drysdale · ‎05-16-2014

Hi, I made a generic function (member()) to check group membership. It takes a user sys id and a group name and returns true if they are in the group, false if they are not. It is tested/working in my instance.

This is meant to be used as a scheduled job, not a BR. You may have to change line 3 so it makes sense for your instance.

//Scheduled Job/Script:


var gr = new GlideRecord('sys_user');


       gr.addQuery('notification', '1');//querying all notification disabled users


       gr.query();


       while(gr.next()) {


           //iterating through disabled users, checking group membership:


           if( !member(gr.sys_id, 'Notification Disabled') ) {


           //if user is NOT a member of Notification Disabled:


               gr.notification = 2; //notification enabled


               gr.update();


           }


       }




function member(user_sys_id, group) {


           var group_check = new GlideRecord('sys_user_grmember');


                   group_check.addQuery('group.name', group);


                   group_check.addQuery('user', user_sys_id);


                   group_check.query();


                   if(group_check.next()) {


                       return true;


                   }else{


                       return false;


                   }


       }

View solution in original post

LRobinson · ‎05-16-2014

Hi, Thank you for your help! I tried these on the sys_user_grmember table.

Your first suggestion disabled added users, but did not re-enable removed users.

This version produced this error for each user removed:

Error running business rule 'Notification Update' on sys_user_grmember:73cb47906f742dc052d4e6c16e3ee427, exception: org.mozilla.javascript.EvaluatorException: The undefined value has no properties. (sys_script.820d0a106ff02dc052d4e6c16e3ee488; line 13)

randrews · ‎05-16-2014

i am a little confused as to why you are running the br on the sys user table... if they get removed from the group than an update is being made on the sys_user_grmember table... why not create a BR on this table that will email the customer on a delete?

LRobinson · ‎05-16-2014

I tried that script on sys_user_grmember as well, with no luck.

randrews · ‎05-16-2014

ok lets back up a little bit to the requirements.. are you intent on updating one update list... or do you just want to send an email to someone anytime they are removed from a group.. no matter why?

LRobinson · ‎05-16-2014

Hi Doug,

I am not trying to send an email. I want to update the notification field on the user record when the LDAP import removes users from the group. I need to select user records where notification = 1 (disabled), check their group membership, and if they are not in the the group, set notification = 2 (enabled). I currently have a transform script that sets notification = 1 when users are added to the group and it works fine.

Many thanks for your input!