Business Rule not Applying to users LDAP import

JayAdmin_16 · ‎04-22-2025

We currently have three sets of Business Rules that manage the assignment of the Business Stakeholder role, which is granted through a group. These rules are applied to three different tables: one targets managers via the sys_user table, another applies to Department Heads through the cmn_department table, and the third is based on values in the system property table. All 3 Business rules have the same logic applied.

With LDAP integration enabled in our ServiceNow environment, we've encountered an issue with the Business Rule associated with the sys_user table. Specifically, users identified as managers (i.e., those listed in the manager field of another user's profile) are not consistently receiving the expected access when user records are imported via LDAP. As a result, the Business Stakeholder role is not always correctly assigned to those managers. Even with the settings/configuration applied below, the business rule doesn't seem to apply the way we intended.

(function executeRule(current, previous /*null when async*/ ) {
    if (current.manager != '') {
        var gr = new GlideRecord('sys_user_grmember');

        gr.addEncodedQuery('group=GROUP_ID^user=' + current.manager.toString());
        gr.query();
        if (!gr.next()) {
            gr.initialize();
            gr.setValue('user', current.manager.toString());
            gr.setValue('group', 'GROUP_ID');
            gr.insert();
        }
    }
    if (previous.manager != '') {
        var mgr = new GlideRecord('sys_user');
        mgr.addQuery('manager', previous.manager.toString());
        mgr.query();
        var sowner = new GlideRecord('cmdb_ci_service');
        sowner.addQuery('owned_by', previous.manager.toString());
        sowner.query();
        var ed = new GlideRecord('cmn_department');
        ed.addQuery('primary_contact', previous.manager.toString());
        ed.query();
        if (sowner.getRowCount() <= 1 || mgr.getRowCount() <= 1 || ed.getRowCount() <= 1 || ceo.hasNext()) {
            var gr1 = new GlideRecord('sys_user_grmember');
            gr1.addEncodedQuery('group=GROUP_ID^user=' + previous.manager.toString());
            gr1.query();
            if (gr1.next()) {
                gr1.deleteRecord();
                gs.info('Manager ' + previous.manager.toString() + ' removed from the business stakeholders group.');
            }
        }
    }

})(current, previous);

What would be a good way to manage all 3 codes within a buisness rule, and apply these business rules in a way that can dynamically keep up with the constant importation of LDAP? Any ideas or suggestions welcome, thank you!

Chaitanya ILCR · ‎04-22-2025

Hi @JayAdmin_16 ,

check if run business rules check box is checked on your ladap transform map and enable it

Please mark my answer as helpful/correct if it resolves your query.

Regards,
Chaitanya

JayAdmin_16 · ‎04-22-2025

Hi @Chaitanya ILCR - my LDAP Transform map looks the exact same to your screenshot, and the "Run business rules" is checked. Unfortunately it still doesn't resolve the problem. Thank you for your reply though!

Ankur Bawiskar · ‎04-22-2025

@JayAdmin_16

try to use combine rule to handle entire logic

something like this

(function executeRule(current, previous /*null when async*/) {
    // Check if the current record is from the sys_user table
    if (current.getTableName() == 'sys_user' && current.manager != '') {
        assignBusinessStakeholderRole(current.manager);
    }

    // Check if the current record is from the cmn_department table
    if (current.getTableName() == 'cmn_department' && current.primary_contact != '') {
        assignBusinessStakeholderRole(current.primary_contact);
    }

    // Check if the current record is from the system properties table
    if (current.getTableName() == 'sys_properties' && current.property_value != '') {
        assignBusinessStakeholderRole(current.property_value);
    }

    // Function to assign the Business Stakeholder role
    function assignBusinessStakeholderRole(userId) {
        var gr = new GlideRecord('sys_user_grmember');
        gr.addEncodedQuery('group=GROUP_ID^user=' + userId);
        gr.query();
        if (!gr.next()) {
            gr.initialize();
            gr.setValue('user', userId);
            gr.setValue('group', 'GROUP_ID');
            gr.insert();
        }
    }

    // Function to remove the Business Stakeholder role
    function removeBusinessStakeholderRole(userId) {
        var gr = new GlideRecord('sys_user_grmember');
        gr.addEncodedQuery('group=GROUP_ID^user=' + userId);
        gr.query();
        if (gr.next()) {
            gr.deleteRecord();
            gs.info('User ' + userId + ' removed from the business stakeholders group.');
        }
    }

    // Handle previous manager removal logic
    if (previous.manager != '') {
        var mgr = new GlideRecord('sys_user');
        mgr.addQuery('manager', previous.manager.toString());
        mgr.query();
        var sowner = new GlideRecord('cmdb_ci_service');
        sowner.addQuery('owned_by', previous.manager.toString());
        sowner.query();
        var ed = new GlideRecord('cmn_department');
        ed.addQuery('primary_contact', previous.manager.toString());
        ed.query();
        if (sowner.getRowCount() <= 1 || mgr.getRowCount() <= 1 || ed.getRowCount() <= 1) {
            removeBusinessStakeholderRole(previous.manager.toString());
        }
    }
})(current, previous);

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader