How do you handle Inactive Users and Reactivations?

Steven Young · ‎08-24-2018

Hey Folks,

I've got kind of a weird question, but most of you will probably find it interesting.

This is about Active / Inactive & Locked out users.

So as you're probably aware, there is a Business Rule that prevents standard users from seeing deactivated users. So how do you guys handle reactivation of accounts?

So here's the background.
We are using ServiceNow for Managers to submit deactivation requests, which we have an integration with IDM/RSA that will deactivate the users in Active Directory, remove them from all groups, and do a few other things such as move them from the Active Users OU in AD to a deactivated users OU in AD. At this point, we also deactivate in ServiceNow.

So lets say that user gets rehired, (or if it was a contractor, that contract gets picked back up again in 2 weeks), Manager needs to submit a reactivation request.

Also, our Contracted users have a 1 year expiration date. So their accounts expire 1 year from the start date. Occasionally, an account expires and becomes inactive, but the account needs to be extended.

If they are Inactive in ServiceNow, that manager cant see their User Account, in order to submit a reactivation request.

What we were thinking about is creating a deactivated users table and have a few BR's running that when they get deactivated from the users table, add certain into to the deactivated users table, because this other table, end users can see the users on it.

We dont want to turn off the "User Query" business rule, because then you can see all deactivated users across the platform.

So how do you all handle your deactivated users, and how you reactivate them?

Ron1 · ‎01-22-2020

We had a similar requirement to allow managers to get access to the mailboxes of deactivated employees and needed to be able to pick from a list of inactive employees.

Prior to this solution, we never deactivated a user in the platform which became a nightmare to deal with over time. We've since started deactivating them and using this solution to fulfill the requirement; here's what we did:

Modified the "user query" business rule as such:

/**
 * Novant customization: if any encoded query 
 * on a user current record does not have criteria 
 * "is anything", add active query.
 * 
 * Added to allow catalog items to include inactive 
 * users on a per variable basis.
*/
var query = current.getEncodedQuery();
if(!query.includes('activeANYTHING')){
	current.addActiveQuery();
}

Modified the sys_user ref qual on the question like so.
Voilà! Bob's your uncle; works like a champ!

Note that we modify the OOB BR and annotate we've made a customization and why, so when we're reviewing skipped updates during a patch/upgrade, there is a level of understanding why so as to help with code merges for new SN code.

Hope this helps!

Jay Gamblin · ‎02-06-2024

I found a much simpler way. In my case I needed this to run from a script include so I just added gr.setWorkflow(false) before I executed the gliderecord query therefore the "user query" Business Rule did not get executed and did not limit the returned results. No need to modify the OOTB BR "user query".