How to remove inactive users from groups and revoke the access associated with that group?

Go to solution
Nivetha K1
Kilo Contributor

‎11-23-2020 12:41 AM

Hi All,

We've a requirement in our custom application "EDM" to revoke inactive user license based on groups. Please find the process of provisioning roles to users below and suggest some solution to invoke the access once that particular user profile is set to inactive.

We're working on a record producer where we have two important fields "Business owner" and "Technical owner". Once we fill these two fields and submit the request, users whom we've given as business owner and technical owner will be provisioned with below roles:

x_ecsr_edm.business_owner

x_ecsr_edm.texhnical_owner

But, current requirement is to revoke these roles as well as deleting the users from the edm groups once the user profile is set to active false and locked out.

I tried various scripts but none is working as expected using single script.

Can anyone help me with the best solution and process on how to achieve this?

Any feedback/suggestion would be highly helpful as our go live is nearing.

 

Thanks,

Nivetha K.

 

 

 

0 Helpfuls
  • 2,554 Views
1 ACCEPTED SOLUTION

Go to solution
Mouli Praneeth
Mega Expert

‎11-23-2020 12:52 AM

Hello Nivetha,

You can write  a before BR as below and add conditions to suit your requirements
find_real_file.png 

find_real_file.png

 

View solution in original post

Preview file
57 KB
Preview file
50 KB
12 REPLIES 12

Go to solution
Nivetha K1
Kilo Contributor
In response to Ankur Bawiskar

‎11-23-2020 01:54 AM

Hi Ankur,

 

I tried to delete the users first from sys_user_has_role table using the attached script but it is not working. 

Can you please let me know what is the issue with the script?

 

Thanks,

Nivetha K.

Preview file
29 KB
Preview file
33 KB
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Nivetha K1

‎11-23-2020 02:02 AM

Hi,

this is the issue

line number 4

update as below

userRole.addQuery('user', current.sys_id);

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader

Go to solution
Nivetha K1
Kilo Contributor
In response to Ankur Bawiskar

‎11-23-2020 03:49 AM

Thanks for your inputs, Ankur.

 

This script is working fine now and roles are getting deleted in personal instance.

But, when I try the same in my application, am getting cross scope error. (screenshot attached).

I cross checked the roles table and application access with my personal instance but everything is same. Still, am getting the attached error.

 

Thanks,

Nivetha K.

Preview file
159 KB
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Nivetha K1

‎11-23-2020 04:04 AM

Hi Nivetha,

it is not allowing to delete record from sys_user_has_role

Open that table

Set Can Delete Checkbox

find_real_file.png

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
Preview file
34 KB

Go to solution
Ankur Bawiskar
Tera Patron
Tera Patron
In response to Nivetha K1

‎11-30-2020 11:31 PM

@Nivetha K 

Did you mistakenly mark other response as correct.

As per your comments my reply helped you making the script work fine.

Would you mind marking my response as correct if I was able to help/guide you

Regards
Ankur

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader