how to provide security admin role to a user using script in servicenow

Debasis Pati
Tera Guru

‎03-10-2023 01:10 AM

We have a security admin group and from script i am trying to add a member in the group.

for this i am first creating one record in sysevent table then i am adding the user to the particular group using script still no luck.

 

@Ankur Bawiskar any suggestions?

 

Regards,

Debasis

0 Helpfuls
  • 965 Views
8 REPLIES 8

Gunjan Kiratkar
Kilo Patron
Kilo Patron
In response to Debasis Pati

‎03-10-2023 01:46 AM - edited ‎03-10-2023 01:47 AM

Hi @Debasis Pati ,

Sample script to provide role using script ;-

 

var grRole = new GlideRecord('sys_user_has_role');
    grRole.initialize();
    grRole.user='user_sysid';
    grRole.role='role_sysid';
    grRole.insert();

 


Please Mark My Response as Correct/Helpful based on Impact
Regards,
Gunjan Kiratkar
2X ServiceNow MVP
Community Rising Star 2022
Youtube : ServiceNow Guy
0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Debasis Pati

‎03-10-2023 02:01 AM

@Debasis Pati 

Can you share all your scripts and error screenshots as well

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Debasis Pati
Tera Guru
In response to Ankur Bawiskar

‎03-11-2023 04:16 AM

i am using the script in workflow activity and the activity is running fine but its not adding the user to the group and hence not providing the role as well.No script errors are also coming

0 Helpfuls

Community Alums
Not applicable

‎03-11-2023 05:12 AM

Not sure how good idea it is - as this bring lots of security issues if not designed well - but you can check the UI Script ElevatedRole . Check UI Page elevated_role_dialog as well. You have GlideSecurityManager which you can invoke to elevate priviliges. This should be done when you impersonate (script done) admin user, then grant elevated , then assign security_manager.

Will take some time to make it work, but its doable for sure, as I personally done it few year back.

Still, better to handle this process differently - not everyone needs security rights .

 

Hope this helps a bit!

Cheers,

Joro

0 Helpfuls