Assign roles to groups based on group type

Marissa · ‎11-21-2019

Dear all,

I have 78 CAB groups, with varying 2 to 20 users per group. I need to assign the Approver role to these people. I have more groups than these, but the only thing that sets them apart is that they all have the type "CAB group". I was hoping I could get ServiceNow to assign the role based on group type, so I do not have to add it to each group individually, and it gets assigned automatically when Service Desk creates a new CAB group.

My requirements are:

- Assign role "approver_user"

- based on group type "Change CAB"

- When group Active = true

How can I best achieve this?

Thank you in advance.

Martin iTSM · ‎11-21-2019

Hi Marissa,

so you want that as soon as the group is updated or created having the type "Change CAB" to get the role "approver_user" , right? (Btw. what about removal of that type 🙂 ... does the approver_user role need to be removed then?)

If so go for Flow Designer.

Any members of the group should inherit the role due to their membership in that group.

Not fully tested - and might need some refinement (used itil group type etc.) - but it should give you a direction.

Hope this helps.

The flows take a moment to execute - so if your role doesn`t appear right after creating the group - reload after a few seconds 😉

Cheers!

Martin

View solution in original post

scott barnard1 · ‎11-21-2019

Hi

Put your approval role in parent group then make all your change groups children of that 1 group

Regards

Marissa · ‎11-21-2019

Hi Scott, thank you for the suggestion. I had considered that but this doesn't make the assignment automatically. Our Service Desk has a procedure and I'd rather not give them an extra step (add group to parent), but make it happen automatically with the procedure that they are already following (select group type). This also prevents any mistakes from being made (forgetting to add group to parent).

Thank you.

Martin iTSM · ‎11-21-2019

Hi Marissa,

so you want that as soon as the group is updated or created having the type "Change CAB" to get the role "approver_user" , right? (Btw. what about removal of that type 🙂 ... does the approver_user role need to be removed then?)

If so go for Flow Designer.

Any members of the group should inherit the role due to their membership in that group.

Not fully tested - and might need some refinement (used itil group type etc.) - but it should give you a direction.

Hope this helps.

The flows take a moment to execute - so if your role doesn`t appear right after creating the group - reload after a few seconds 😉

Cheers!

Martin

Marissa · ‎01-13-2020

Dear Martin,

Thank you for the tips! I've only had the time to look into this now. I have not yet worked with the flow designer, but I followed your instructions closely and was able to recreate what you made, for my groups (Type: Change CAB). Sadly, I am getting an error testing the flow. Could you look at the result and see what would need to be edited?

I've created a test group, with type Change Cab for the purpose (I have tested with an existing group too, to be sure, but that also fails)

Ive recreated your flow:

But running a test gives me this result:

Hoping you can have a look! You've helped me a lot so far!

Kind regards,

Marissa

Edit:
Could it perhaps be this part? You hadn't posted a screenshot of this part so I think I am missing something here:

Edit 2: Oh and yes.. of course the role needs to be removed if a user gets taken out of the group too 😛