Hi,

Please check in user table in roles field if he is having roles or not then remove it from there.

Hi @Community Alums 

In ServiceNow, roles can be inherited in several ways, and if you're seeing roles marked as inherited (`inherited = true`) in the `sys_user_has_role` table for users who are not part of any groups, there are a few potential causes:

1. Role Inheritance from Other Roles: ServiceNow allows roles to inherit from other roles. If a user has a role that is a parent role to other roles, those child roles will appear as inherited even if the user is not part of any group.

2. Group Inheritance: Even though you mentioned the user is not part of any groups, it's worth double-checking that there are no groups indirectly associated with the user. Sometimes, group membership can be overlooked, especially if it's through a less obvious association.

3. Default Roles: Some roles are assigned to new users by default. These roles are typically set up to be automatically granted to all new users and might appear as inherited.

4. Data Inconsistency: There might be a data inconsistency or corruption in the instance that is causing roles to appear as inherited incorrectly.

To delete such entries from the `sys_user_has_role` table, you can create a script to run through all the user records and remove the roles that are marked as inherited but do not have a clear inheritance path. Here's a general idea of how you might script this in ServiceNow:

// This script is for demonstration purposes only. Please test thoroughly in a sub-production instance before running in production.

var userHasRoleGR = new GlideRecord('sys_user_has_role');
userHasRoleGR.addQuery('inherited', true);
userHasRoleGR.query();

while (userHasRoleGR.next()) {
    // Check if the role is actually inherited from a group or another role
    var roleInheritanceMapGR = new GlideRecord('sys_user_role_contains');
    roleInheritanceMapGR.addQuery('sys_user_role', userHasRoleGR.role);
    roleInheritanceMapGR.query();

    var isInherited = false;
    while (roleInheritanceMapGR.next()) {
        isInherited = true;
        break;
    }

    // If the role is not inherited from another role, delete the record
    if (!isInherited) {
        userHasRoleGR.deleteRecord();
    }
}

// Note: This script does not account for all possible scenarios and should be adapted to fit your specific requirements.

To run this script:

1. Navigate to System Definition > Scripts - Background
2. Copy and paste the script into the "Run script" text box.
3. Click the "Run script" button to execute the script.

Important: Before running any script that deletes data, it is crucial to:

- Understand the script and modify it according to your specific needs.
- Test the script in a non-production environment to ensure it behaves as expected.
- Back up your data or ensure you have a rollback plan in case the script does not work as intended.
- Consider the implications of removing roles from users, as this could impact their access to various parts of the ServiceNow platform.

Please mark this response as correct or helpful if it assisted you with your question.

Hi @Community Alums 

I agree with @Sandeep Rajput  here. As role count is less , easy to check atleast for 1 user and then you can create a report to get all users like this.