- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2022 06:22 AM
Hi All,
We have an issue : "we ran into an issue where itil licenses were being removed the day after they were assigned. For example, I’ve added a person on a Monday and if they didn’t log in within 24 hours the license was removed."
Analysis : I troubleshoot the issue and i found there is one schedule job written and this ran daily 2 am est. Here is the script. Can any one help me how to fix this issue ( we ran into an issue where itil licenses were being removed the day after they were assigned. For example, I’ve added a person on a Monday and if they didn’t log in within 24 hours the license was removed.")
Script :
var excUsers = gs.getProperty('users.excluded.from.password.reset');
var usersGr = new GlideRecord("sys_user");
//usersGr.addEncodedQuery("sys_created_onRELATIVELT@dayofweek@ahead@30^last_loginISEMPTY^ORlast_loginRELATIVELT@dayofweek@ahead@30");
usersGr.addQuery('user_name', 'NOT IN', excUsers);
usersGr.addEncodedQuery("sys_created_onRELATIVELT@dayofweek@ago@60^active=true^last_login_timeRELATIVELT@dayofweek@ago@60^ORlast_login_timeISEMPTY");
usersGr.query();
//gs.log(usersGr.getRowCount());
while(usersGr.next()){
//gs.log('user='+usersGr.user_name);
var user_groupGr = new GlideRecord("sys_user_grmember");
user_groupGr.addQuery("user", usersGr.sys_id);
user_groupGr.query();
//gs.log(user_groupGr.next());
if(user_groupGr.next()){
user_groupGr.deleteMultiple(); // when removing user from groups , the roles are also removed
}
}
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2022 09:10 AM
I see, that is because you have "last login time is empty" so if they don't login at all, this is included. I would change your filter to:
sys_created_onRELATIVELT@dayofweek@ago@60^active=true^last_login_timeRELATIVELT@dayofweek@ago@60^last_loginISNOTEMPTY^NQsys_created_onRELATIVELT@dayofweek@ago@60^active=true^last_login_timeISEMPTY^ORDERBYDESClast_login_timeThis should find users who:
- Created 60 or more days ago
- Active is true
- Last login time is not empty and is 60 or more days ago
OR
- Created 60 or more days ago
- Active is true
- Last login time is empty
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2022 06:31 AM
What is the issue you're wanting to solve? Roles should be granted through groups, so if you're removing them from the group by deleting the sys_user_grmember record, they will lose their roles.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2022 07:06 AM
Hi Elijah,
Thanks for your reply,
actually we would like to reduce itil license. so, we have written the schedule job script which was above updated. Now the issue we have faced is this "we ran into an issue where itil licenses were being removed the day after they were assigned. For example, I’ve added a person on a Monday and if they didn’t log in within 24 hours the license was removed.")
Is it possible to modify anything in the above script to prevent this?
Please guide me?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2022 07:08 AM
When do you want the licenses removed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-14-2022 07:28 AM
Hi Elijah,
Suppose today if we provide ITIL license to user and if the user didnt login with in 24 or 48 hours, because of the schedule job script rans daily 2am est -- next day user who has provided license yesterday removing from the groups, roles -- so, guide me how to fix this issue --do i need to modify above schedule job script encoded query?
Please help me on this issue
