How to automatically remove a user who is inactive from all roles and groups automatically?

Lauren Martinez
Kilo Explorer

‎09-28-2020 11:13 AM

I do not want to delete the user record from the sys_user table, just remove the associated roles.
Example, removing ITIL. 
I know I could have a scheduled job, with a script. I am not a developer so any assistance would be appreciated. I was trying to do this function with no code in flow designer but it would not allow me to dot walk to the roles action. Also, could apply via Business rule but also would need a script. Unless there is a glide reference that could be applied within the action field. 

 

Thanks for your help! 

Labels:
0 Helpfuls
  • 6,429 Views
6 REPLIES 6

ServiceNowSteve
Giga Guru

‎09-28-2020 11:33 AM

I've done this with my company. Here's my code I use in my scheduled script every day

 

Be careful doing this though, make sure you don't disable any system accounts on accident. Adjust the getUsers.addQuery line below to add users who shouldn't be removed.

 

Condition Box (Optional)

var gdt = new GlideDateTime();
var dow = gdt.getDayOfWeekLocalTime();

if (dow < 6) //the 6 is the 6th day in the week (Saturday) so we are looking to only run this on days 1-5 or Monday - Friday
{
answer = true;
}

 

Script

//Find users who have not logged into the platform in the last 45 days
var getUsers = new GlideRecord('sys_user');
getUsers.addQuery('last_login_timeRELATIVELT@dayofweek@ago@45^user_nameNOT LIKEMid.Server');
getUsers.query();


while(getUsers.next())
	{
		//Set the users name to a variable.
		var userName = getUsers.getDisplayValue('sys_id');
		
		//Check the group membership table to see if they are a member of any groups
		var grMember = new GlideRecord('sys_user_grmember');	
		grMember.addQuery('user=' + userName);
		grMember.query();
		
		while(grMember.next())
			{		
				grMember.deleteRecord();						
			}
						
		
		//Now let's check the roles table to ensure nothing was left behind
		var chkRole = new GlideRecord('sys_user_has_role');
		chkRole.addQuery('user=' + userName);
		chkRole.query();

		while(chkRole.next())
		{	
			//Delete left over roles
			chkRole.deleteRecord();				
		}		
	}

Yash Agrawal1
Tera Guru

‎09-28-2020 11:35 AM

Hello Laur,

You answer is in you question only.

Flow degisner provide code less flow,and some time it is difficult to configure flow desginer for such type of requirment.where you need to perform complex operation.

So i would suggest you to go with either scheduled job or business rule.

Whats wrong to use code 

You can use below script in scheduled job.

var gr=new GlideRecord('sys_user_grmember');//table where all user-group relationshil is stored
gr.query();
while(gr.next())
{
   if(gr.user.active==false)
    gr.deleteRecord();
}


var gr=new GlideRecord('sys_user_has_role');//table where all user-role relationshil is stored
gr.query();
while(gr.next())
{
   if(gr.user.active==false)
    gr.deleteRecord();
}

Please mark the answer as Correct if it resolved you query.

Regards

Yash Agrawal

0 Helpfuls

sachin_namjoshi
Kilo Patron
Kilo Patron

‎09-28-2020 11:38 AM

You could definitely do this with flow designer. Use below flow in flow designer to remove roles from user

find_real_file.png

 

Preview file
317 KB

Feroz1
Tera Contributor
In response to sachin_namjoshi

‎08-29-2022 04:28 AM

@sachin.namjoshi can you provide all steps ?

0 Helpfuls