Users are removed from the groups the day after they were assigned??Please guide me on this to fix??

Divya K1
Tera Guru

Hi All,

 

We have an issue : "we ran into an issue where itil licenses were being removed the day after they were assigned. For example, I’ve added a person on a Monday and if they didn’t log in within 24 hours the license was removed."

 

Analysis : I troubleshoot the issue and i found there is one schedule job written and this ran daily 2 am est. Here is the script. Can any one help me how to fix this issue ( we ran into an issue where itil licenses were being removed the day after they were assigned. For example, I’ve added a person on a Monday and if they didn’t log in within 24 hours the license was removed.")

 

Script : 

var excUsers = gs.getProperty('users.excluded.from.password.reset');
var usersGr = new GlideRecord("sys_user");
//usersGr.addEncodedQuery("sys_created_onRELATIVELT@dayofweek@ahead@30^last_loginISEMPTY^ORlast_loginRELATIVELT@dayofweek@ahead@30");
usersGr.addQuery('user_name', 'NOT IN', excUsers);
usersGr.addEncodedQuery("sys_created_onRELATIVELT@dayofweek@ago@60^active=true^last_login_timeRELATIVELT@dayofweek@ago@60^ORlast_login_timeISEMPTY");
usersGr.query();
//gs.log(usersGr.getRowCount());

while(usersGr.next()){
//gs.log('user='+usersGr.user_name);
var user_groupGr = new GlideRecord("sys_user_grmember");
user_groupGr.addQuery("user", usersGr.sys_id);
user_groupGr.query();
//gs.log(user_groupGr.next());
if(user_groupGr.next()){
user_groupGr.deleteMultiple(); // when removing user from groups , the roles are also removed
}

}

1 ACCEPTED SOLUTION

I see, that is because you have "last login time is empty" so if they don't login at all, this is included. I would change your filter to: 

sys_created_onRELATIVELT@dayofweek@ago@60^active=true^last_login_timeRELATIVELT@dayofweek@ago@60^last_loginISNOTEMPTY^NQsys_created_onRELATIVELT@dayofweek@ago@60^active=true^last_login_timeISEMPTY^ORDERBYDESClast_login_time

This should find users who:

  1. Created 60 or more days ago
  2. Active is true
  3. Last login time is not empty and is 60 or more days ago

OR

  1. Created 60 or more days ago
  2. Active is true
  3. Last login time is empty

View solution in original post

10 REPLIES 10

Elijah Aromola
Mega Sage

What is the issue you're wanting to solve? Roles should be granted through groups, so if you're removing them from the group by deleting the sys_user_grmember record, they will lose their roles. 

Hi Elijah,

 

Thanks for your reply,

 

actually we would like to reduce itil license. so, we have written the schedule job script which was above updated. Now the issue we have faced is this "we ran into an issue where itil licenses were being removed the day after they were assigned. For example, I’ve added a person on a Monday and if they didn’t log in within 24 hours the license was removed.")

 

Is it possible to modify anything in the above script to prevent this?

 

Please guide me?

When do you want the licenses removed?

Hi Elijah,

 

Suppose today if we provide ITIL license to user and if the user didnt login with in 24 or 48 hours, because of the schedule job script rans daily 2am est -- next day user who has provided license yesterday removing from the groups, roles  -- so, guide me how to fix this issue --do i need to modify above schedule job script encoded query?

 

Please help me on this issue