How to remove inactive users from groups and revoke the access associated with that group?

Go to solution
Nivetha K1
Kilo Contributor

‎11-23-2020 12:41 AM

Hi All,

We've a requirement in our custom application "EDM" to revoke inactive user license based on groups. Please find the process of provisioning roles to users below and suggest some solution to invoke the access once that particular user profile is set to inactive.

We're working on a record producer where we have two important fields "Business owner" and "Technical owner". Once we fill these two fields and submit the request, users whom we've given as business owner and technical owner will be provisioned with below roles:

x_ecsr_edm.business_owner

x_ecsr_edm.texhnical_owner

But, current requirement is to revoke these roles as well as deleting the users from the edm groups once the user profile is set to active false and locked out.

I tried various scripts but none is working as expected using single script.

Can anyone help me with the best solution and process on how to achieve this?

Any feedback/suggestion would be highly helpful as our go live is nearing.

 

Thanks,

Nivetha K.

 

 

 

0 Helpfuls
  • 2,544 Views
1 ACCEPTED SOLUTION

Go to solution
Mouli Praneeth
Mega Expert

‎11-23-2020 12:52 AM

Hello Nivetha,

You can write  a before BR as below and add conditions to suit your requirements
find_real_file.png 

find_real_file.png

 

View solution in original post

Preview file
57 KB
Preview file
50 KB
12 REPLIES 12

Go to solution
Nivetha K1
Kilo Contributor

‎11-23-2020 12:49 AM

@Ankur Bawiskar 

 

Hi Ankur,

Good Day!

 

Is this something you can help me with, if possible?

 

Thanks,

Nivetha K.

 

 

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Nivetha K1

‎11-23-2020 01:01 AM

Hi,

Please share what have you tried so far.

on record producer submission you want

1) those 2 users to be given those roles

2) Then what?

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls

Go to solution
Nivetha K1
Kilo Contributor
In response to Ankur Bawiskar

‎11-23-2020 01:09 AM

Hi Ankur,

On submission of record producer, users whom we've given as Business owner and Technical owner will be provisioned with the above mentioned two roles by adding in EDM groups (EDM business owner and EDM Technical owner) automatically. This is working fine.

 

But, now we want to remove the users from EDM business owner and EDM Technical owner groups as well as the roles which gets added as part of this group should be revoked when that particular user profile is set to active false and locked out.

 

Thanks,

Nivetha K.

 

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Nivetha K1

‎11-23-2020 01:35 AM

@Nivetha K 

For this you would require after update BR on sys_user table

Condition: Active changes to False

1) Get the current user sys_id

2) check if that user belongs to EDM Business Owner or EDM Technical Owner group

3) if yes then remove that user from that group

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls