Bulk changing attestation respondents

LJ3 · ‎11-18-2019

When staff leave, how can we bulk change the respondents on the attestations assigned to them?

I tried using the below script, but it does nothing unfortunately (even though it gives me a long list of re-assigned, it doesn't actually reassign):

var actualRespondentsSysID = '(currentusersys_id)';
var newRespondentsSysID = 'newusersys_id';
var gr = new GlideRecord('sn_compliance_control');
gr.addQuery('Respondents', actualRespondentsSysID);
gr.addQuery('state!=retired');
gr.query();
while (gr.next()) {
gr.Respondents = newRespondentsSysID;
gs.info('Control Attestation ' + gr.number + ' re-assigned');
gr.setWorkflow(false); // Optional: Do not run any other business rules (can only be executed in Global scope)
gr.update();
}

I can export the xml and replace the <respondents>SYID</respondents> then re-import, I've tested this but this isn't ideal if a user leaves who is the owner and attestation respondent to a lot of controls...

jing3 · ‎11-18-2019

The proper step is to cancel any existing attestations and recreate them with the correct respondents (using out of box processes). Assuming that the Attestation respondents is the Profile Owner (Entity Owner), and thus the Control Owner, use the following steps:

1. find the Profile (Entity) this person own, uncheck "active", then "update", this will retire all related records (include cancel all outstanding Attestations)

2. Change the owner of the Profile (Entity) to the right person, check "active" again, update, this will set Contorl(s) in "draft" mode

3. bulk change the owner of the control(s) to the right owner

4. bulk change the control(s) status to "Attest", new Attestations will be created.

View solution in original post

Paulkontheriver · ‎03-14-2025

Thanks Jon, appreciate the help

jing3 · ‎11-18-2019

Correction: Before you change to "attest", check the Attestation Respondent also, change if as needed, the "attest"

LJ3 · ‎11-18-2019

Thanks Jing. This isn't the ideal way as this cancels all previous attestations - why would we do this? All previous attestations need to stay current, as the control itself is being passed to a new owner and respondent, nothing else changes regarding previous evidence.

jing3 · ‎11-18-2019

This related to record-keeping. Attestations are not transferable (and locked for modification). It is fine that you leave everything the way they are till the time of re-attesting (if your internal process allows). On the other hand, if the new person needs to take responsibility and your internal process needs them to attest, then you need to re-create attestation.

LJ3 · ‎11-18-2019

So if we have 80 controls owned by one user who leaves, we will need to:

Retire 80 controls, cancelling all previous attestations

Manually change Profile owners

Manually recreate 80 attestations and set the owners?

Surely not in this day and age of automated processes? There must be an easier way of managing GRC owners for profile, policy and controls...and attestation respondents.