Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2025 04:27 AM
then you can use workflow run script and use this pseudo code to add groups and roles
After the run script you can close the RITM and REQ
// Inputs:
// - current: GlideRecord of the request item record (e.g. sc_req_item)
// - current.variables.mirror_id assumed to have sys_id of the reference user
// - current.requested_for or current.variables.requested_for points to new user sys_id
var mirrorUserSysId = current.variables.mirror_id; // Reference user sys_id
var newUserSysId = current.variables.requested_for || current.request.requested_for;
if (!mirrorUserSysId || !newUserSysId) {
gs.info('Mirror user or new user not provided. Skipping role/group mirroring.');
return;
}
// --- Mirror group memberships ---
var grGroupMember = new GlideRecord('sys_user_grmember');
grGroupMember.addQuery('user', mirrorUserSysId);
grGroupMember.query();
while (grGroupMember.next()) {
var groupID = grGroupMember.group.toString();
// Check if newUser is already member
var grExists = new GlideRecord('sys_user_grmember');
grExists.addQuery('user', newUserSysId);
grExists.addQuery('group', groupID);
grExists.query();
if (!grExists.next()) {
// Add new user to group
var grNewMember = new GlideRecord('sys_user_grmember');
grNewMember.initialize();
grNewMember.user = newUserSysId;
grNewMember.group = groupID;
grNewMember.insert();
gs.info('Added user ' + newUserSysId + ' to group ' + groupID);
}
}
// --- Mirror roles assigned directly to the mirrorUser (excluding roles inherited from groups) ---
var addedRoles = [];
var grRoleMember = new GlideRecord('sys_user_has_role');
grRoleMember.addQuery('user', mirrorUserSysId);
grRoleMember.addQuery('inherited', false); // Only direct roles, not inherited from group
grRoleMember.query();
while (grRoleMember.next()) {
var roleID = grRoleMember.role.toString();
// Check if new user already has the role
var grRoleCheck = new GlideRecord('sys_user_has_role');
grRoleCheck.addQuery('user', newUserSysId);
grRoleCheck.addQuery('role', roleID);
grRoleCheck.query();
if (!grRoleCheck.next()) {
// Assign direct role
var grNewUserRole = new GlideRecord('sys_user_has_role');
grNewUserRole.initialize();
grNewUserRole.user = newUserSysId;
grNewUserRole.role = roleID;
grNewUserRole.inherited = false;
grNewUserRole.insert();
addedRoles.push(roleID);
gs.info('Added role ' + roleID + ' to user ' + newUserSysId);
}
}I hope I answered your question and you can enhance the logic further based on your requirement and developer skills
If my response helped please mark it correct and close the thread so that it benefits future readers.
Regards,
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader
Ankur
✨ Certified Technical Architect || ✨ 10x ServiceNow MVP || ✨ ServiceNow Community Leader
