Role Auditing - Who Removed The Role?

Go to solution
arobertson
Tera Guru

‎09-03-2014 08:28 AM

Hi All,

 

Is there a way i can tell who removed a role/group from a user?

 

Regards,

0 Helpfuls
  • 5,112 Views
1 ACCEPTED SOLUTION

Go to solution
Brad Tilton
ServiceNow Employee
ServiceNow Employee

‎09-03-2014 08:34 AM

Hi Alex,



When you remove a role from a user, you're actually deleting a record on the sys_user_has_role table. Because of this, you can look at the deleted records table for records where the table name is sys_user_has_role. So if I was looking for who removed some admin roles I could search for records on the sys_user_has_role where the payload contains admin and payload contains my user. Whoever created the deleted item record is the person who removed the role.528762705a.png


View solution in original post

3 REPLIES 3

Go to solution
Brad Tilton
ServiceNow Employee
ServiceNow Employee

‎09-03-2014 08:34 AM

Hi Alex,



When you remove a role from a user, you're actually deleting a record on the sys_user_has_role table. Because of this, you can look at the deleted records table for records where the table name is sys_user_has_role. So if I was looking for who removed some admin roles I could search for records on the sys_user_has_role where the payload contains admin and payload contains my user. Whoever created the deleted item record is the person who removed the role.528762705a.png


Go to solution
Subhajit1
Giga Guru

‎09-03-2014 08:37 AM

Hi Alex,


This should be visible from the Audit History of the Record. Since Roles are held in Relationship tables, you should see them as Audit number =-1 in the list view of the Audit history.



Thanks,


Subhajit


0 Helpfuls

Go to solution
marcguy
ServiceNow Employee
ServiceNow Employee
In response to Subhajit1

‎09-03-2014 08:41 AM

there's also the Audit Roles (sys_audit_role) table which contains who added/removed a user from a role, when etc.


0 Helpfuls