User Cleanup not removing user's roles that are "inherited"?

Leo Ruggiero
Tera Contributor

Hey everyone! I typed out a fix script that is designed to check for users that are inactive and have a termination code on their AD Attribute 5 field, and then to delete those roles and groups from the user. It worked out perfectly and did exactly what I was needing; however, we noticed that if the role is "inherited" as true, the script does not remove them. Nor can I remove them manually. Here's the script I am using:

 

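// Delete group memberships of inactive users whose AD Attribute 5 holds a termination code.
removeUserGroups();
function removeUserGroups() {
    var grHasGroup = new GlideRecord('sys_user_grmember');
    // ^OR attaches to the condition before it: inactive AND (attribute 5 is 001 OR 002)
    grHasGroup.addEncodedQuery('user.active=false^user.u_ad_attribute_5=001^ORuser.u_ad_attribute_5=002');
    //grHasGroup.setLimit(1); // uncomment to test against a single record
    grHasGroup.query();
    while (grHasGroup.next()) {
        grHasGroup.deleteRecord();
    }
}

// Delete role assignments (sys_user_has_role rows) of the same set of users.
removeUserRoles();
function removeUserRoles() {
    var grHasRoles = new GlideRecord('sys_user_has_role');
    // Same filter as above, applied through the dot-walked user reference
    grHasRoles.addEncodedQuery('user.active=false^user.u_ad_attribute_5=001^ORuser.u_ad_attribute_5=002');
    //grHasRoles.setLimit(1); // uncomment to test against a single record
    grHasRoles.query();
    while (grHasRoles.next()) {
        grHasRoles.deleteRecord();
    }
}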

 

Any ideas on why "Inherited" roles aren't being removed and why I can't remove them manually either?

1 ACCEPTED SOLUTION
3 REPLIES

This is almost definitely what the issue is. Going to report this to HI and see if they can get this fixed up for us. Thank you so much for your assistance on this. Can't believe I hadn't found this previously. Spent HOURS searching for something like this. Guess I was just using the wrong keywords. Haha

Community Alums
Not applicable

No worries @Leo Ruggiero, it happens sometimes!! Glad to see I could be of help.