How to automatically remove roles and groups of a user after 14 days from the deactivation ?

Thej1 · ‎07-19-2024

HI,

I have two ways.

1. Flow designer

2. Created BR to store the timestamp of active changes to false to a custom and Then a schedule job to run. -

When i run this scheduled job script as background, it is not waiting for the time specified. It immediatly runs and removes the roles and groups. same with when i run the schedule job.

Here is the code. In schedule job the same code is days replaced with minutes. Please help me on this.

Background script:

(function() {

var DEACTIVATION_MINUTES = 2;

var userId = '16d3034787f8c6d09772cb76cebb35ad';

var now = new GlideDateTime();

var cutoffDateTime = new GlideDateTime();

cutoffDateTime.addMinutesUTC(-DEACTIVATION_MINUTES);

// Query for the specific deactivated user

var userGR = new GlideRecord('sys_user');

userGR.addQuery('sys_id', userId);

userGR.addQuery('active', false);

userGR.addQuery('u_inactivated_time', '<=', cutoffDateTime);

userGR.query();

gs.info('--> user role remove' + 'u_inactivated_time');

if (userGR.next()) {

// Remove user from groups

var groupMemberGR = new GlideRecord('sys_user_grmember');

groupMemberGR.addQuery('user', userId);

groupMemberGR.query();

while (groupMemberGR.next()) {

groupMemberGR.deleteRecord();

}

// Remove user roles

var userRoleGR = new GlideRecord('sys_user_has_role');

userRoleGR.addQuery('user', userId);

userRoleGR.query();

while (userRoleGR.next()) {

userRoleGR.deleteRecord();

}

})();

@Ankur Bawiskar @Community Alums @

Jake Sadler · ‎07-19-2024

Hi @Thej1 ,

Does this user need to be wiped of groups and roles immediately on 14 days?

If it doesn't a daily scheduled job with a gliderecord query on the user table with the conditions of active = false, deactivated time is greater than 14 days will pick up all users deactivated over 14 days ago and wipe them.

Thej1 · ‎07-19-2024

HI,

After the user deactivated, it should wait for 14 days and then removes groups and roles which he is a part of.

Any code changes required ?

The above code is not waiting for 14days, when i run schedule job it is removing roles and groups immediatley.

Thanks

Sid_Takali · ‎07-19-2024

Hi @Thej1 Try below code

(function() {
    var DEACTIVATION_MINUTES = 2;
    
    var now = new GlideDateTime();
    var cutoffDateTime = new GlideDateTime();
    cutoffDateTime.addMinutesUTC(-DEACTIVATION_MINUTES);
    
    var userId = '16d3034787f8c6d09772cb76cebb35ad';
    var userGR = new GlideRecord('sys_user');
    userGR.addQuery('sys_id', userId);
    userGR.addQuery('active', false);
    userGR.addQuery('u_inactivated_time', '<=', cutoffDateTime);
    userGR.query();
    
    if (userGR.next()) {
        // Remove user from groups
        var groupMemberGR = new GlideRecord('sys_user_grmember');
        groupMemberGR.addQuery('user', userId);
        groupMemberGR.query();
        while (groupMemberGR.next()) {
            groupMemberGR.deleteRecord();
        }

        var userRoleGR = new GlideRecord('sys_user_has_role');
        userRoleGR.addQuery('user', userId);
        userRoleGR.query();
        while (userRoleGR.next()) {
            userRoleGR.deleteRecord();
        }
        
        gs.info('User ' + userGR.name + ' roles and groups removed.');
    } else {
        gs.info('No deactivated user found or user not eligible for removal.');
    }
})();