Users with snc_read_only role can reset their own password on login page

shivaD154558313 · ‎06-20-2024

There are some users with role "snc_read_only" which makes complete read only access to the platform. Users field "password needs reset" will be checked after 3 months, When the users tries to login, they asked to change password with current password and new password, But they cannot change password because they are having snc_read_only role.
I tried by giving sys_user value to the sys_property "glide.security.snc_read_only_role.tables.exempt_write", But it is making users to set password from user table, not from the login page.

Can any one please let me know your inputs to achieve this functionality.

Regards,

Shiva

Dnyaneshwaree · ‎07-11-2024

Hello @shivaD154558313 ,

Refer below code as an example and update it as per your req:
Create new Script include:(client callable: false)

var PasswordResetExempt = Class.create();
PasswordResetExempt.prototype = {
    initialize: function() {
    },
    
    isExempt: function(userSysId) {
        var user = new GlideRecord('sys_user');
        if (user.get(userSysId)) {
            if (user.roles.indexOf('snc_read_only') > -1) {
                return true;
            }
        }
        return false;
    },
    
    type: 'PasswordResetExempt'
};

Create new UI script:

(function() {
    var userId = g_user.userID;
    var passwordResetExempt = new GlideAjax('PasswordResetExempt');
    passwordResetExempt.addParam('sys_id', userId);
    passwordResetExempt.getXMLAnswer(function(response) {
        var isExempt = response.responseXML.documentElement.getAttribute('answer');
        if (isExempt === 'true') {
            // Add logic to allow password reset on the login page
            // Example: Show the password reset fields and handle the form submission
        }
    });
})();

Please accept my solution if it works for you and thumps up to mark it as helpful.
Thank you!!

Dnyaneshwaree Satpute
Tera Guru