
on 02-23-2022 12:40 PM
Purpose
There are times when you want to add and remove members from a group without having to grant a user permission to the group membership table. You can leverage a reference field that points to the user table to accomplish this.
Use Case
When a user is added to the Assigned to field in the Server table, they will automatically be added to the CAB Approval group. Likewise, if the user is no longer assigned to any servers, they should be removed from the group.
Solution
Script Include
In order for this solution to be more universal, the checking and assigning mechanisms shall be placed in a script include:
- global.groupUtils
  - Name: groupUtils
  - API Name: global.groupUtils
  - Client callable: false
  - Application: Global
  - Accessible from: All application scopes
  - Description: Custom Include containing Group related methods.
  - Script:
```javascript
var groupUtils = Class.create();
groupUtils.prototype = {
    initialize: function() {
    },

    /**
     * Adds a user to a group
     *
     * @param {string} usrID sys_id of the User to add
     * @param {string} grpID sys_id of the Group to add User to
     */
    addToGroup: function(usrID, grpID) {
        var memObj = new GlideRecord('sys_user_grmember');
        memObj.initialize(); // start from a blank record before setting fields
        memObj.group = grpID;
        memObj.user = usrID;
        memObj.insert();
    },

    /**
     * Checks if a referenced user is contained within a table.
     *
     * @param {string} tName The name of the table to check against.
     * @param {string} usrID The sys_id of the user.
     * @param {string} fName The name of the reference field.
     * @return {boolean} Returns true when the referenced user is found,
     * otherwise returns false.
     */
    chkContainsUser: function(tName, usrID, fName) {
        var recObj = new GlideRecord(tName);
        recObj.addQuery(fName, usrID);
        recObj.query();
        return recObj.hasNext();
    },

    /**
     * Removes a user from a group
     *
     * @param {string} usrID sys_id of the User to remove
     * @param {string} grpID sys_id of the Group to remove User from
     */
    removeFromGroup: function(usrID, grpID) {
        var memObj = new GlideRecord('sys_user_grmember');
        memObj.addQuery('group', grpID);
        memObj.addQuery('user', usrID);
        memObj.query();
        // Delete every matching membership row, in case duplicates exist
        while (memObj.next()) {
            memObj.deleteRecord();
        }
    },

    type: 'groupUtils'
};
```
Business Rule
For our use case, we will be creating a business rule on the Server table triggered when the Assigned to field changes.
- AddRemoveGrpMembersCAB
  - Name: AddRemoveGrpMembersCAB
  - Table: Server [cmdb_ci_server]
  - When: after
  - Insert: true
  - Update: true
  - Condition: current.assigned_to.changes()
  - Script:
```javascript
(function executeRule(current, previous /*null when async*/) {
    var gName = 'CAB Approval'; //01#
    var gSysID = 'b85d44954a3623120004689b2d5dd60a'; //02#
    var sInc = new global.groupUtils(); //03#
    if (!current.assigned_to.nil()) { //04#
        // getValue() returns the sys_id as a string rather than a GlideElement
        var cUser = current.getValue('assigned_to'); //05#
        if (!gs.getUser().getUserByID(cUser).isMemberOf(gName)) { //06#
            sInc.addToGroup(cUser, gSysID); //07#
        }
    }
    if (!previous.assigned_to.nil()) { //08#
        var tName = current.getTableName(); //09#
        var pUser = previous.getValue('assigned_to'); //10#
        // chkContainsUser is the method name defined in groupUtils
        var chk = sInc.chkContainsUser(tName, pUser, 'assigned_to'); //11#
        if (!chk) { //12#
            sInc.removeFromGroup(pUser, gSysID); //13#
        }
    }
})(current, previous);
```
Notes (the numbers match the //NN# markers in the script):
- 01: Set the variable gName to be the name of the group to search on. For this example, we are using the out of box group: CAB Approval
- 02: Set the variable gSysID to be the sys_id of the group to search for. For this example, we are using the sys_id value for the out of box group: CAB Approval
- 03: Initialize the groupUtils script include.
- 04: When the current value of the Assigned to field is not empty:
  - 05: Set the variable cUser to the current value of the Assigned to field.
  - 06: If the current user is not a member of the group:
    - 07: Run the addToGroup function to add the user to the group.
- 08: When the previous value of the Assigned to field is not empty:
  - 09: Set the variable tName to be the table name of the record.
  - 10: Set the variable pUser to the previous value of the Assigned to field.
  - 11: Set the variable chk to be the result of the chkContainsUser function using tName, pUser, and the assigned_to field as inputs.
  - 12: If the previous user is not in the Assigned to field of other records:
    - 13: Run the removeFromGroup function to remove the previous user from the group.
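
The rule keeps CAB Approval membership equal to the set of users referenced by Assigned to, but it is configured for insert and update only. The following added example (not part of the original article, and not Glide code) is a plain-JavaScript model with constructed names that replays the rule's decisions and adds an audit for members who no longer have a server, for example after a server record is deleted or the membership table is edited directly.

```javascript
// Plain-JavaScript model (runs in Node, no Glide APIs). Arrays stand in for
// cmdb_ci_server and sys_user_grmember; all names and ids are constructed samples.
function makeStore() {
  return { servers: [], members: new Set() };
}

// Same decisions as the business rule: add the new assignee if missing,
// drop the previous assignee once no server references them any more.
function onAssignedToChange(store, previousUser, currentUser) {
  if (currentUser) store.members.add(currentUser);
  if (previousUser && !store.servers.some(s => s.assigned_to === previousUser)) {
    store.members.delete(previousUser);
  }
}

function assign(store, name, user) {
  let srv = store.servers.find(s => s.name === name);
  if (!srv) { srv = { name, assigned_to: '' }; store.servers.push(srv); }
  const previous = srv.assigned_to;
  srv.assigned_to = user; // "after" rule: the record is saved before the rule runs
  if (previous !== user) onAssignedToChange(store, previous, user);
}

// Not covered by the rule: it has Insert and Update checked, not Delete.
function deleteServer(store, name) {
  store.servers = store.servers.filter(s => s.name !== name);
}

// Audit: compare actual membership with the set the rule is meant to maintain.
function auditDrift(store) {
  const expected = new Set(store.servers.map(s => s.assigned_to).filter(Boolean));
  return {
    stale: [...store.members].filter(u => !expected.has(u)).sort(),
    missing: [...expected].filter(u => !store.members.has(u)).sort()
  };
}

function demo() {
  const store = makeStore();
  assign(store, 'srv-a', 'user_alice');
  assign(store, 'srv-b', 'user_alice');
  assign(store, 'srv-a', 'user_bob');   // alice still owns srv-b, stays a member
  const afterReassign = [...store.members].sort();
  deleteServer(store, 'srv-b');         // no rule fires, alice becomes stale
  store.members.add('user_carol');      // direct edit of the membership table
  return { afterReassign, drift: auditDrift(store) };
}
```

On an instance, the same comparison can be scheduled against the real tables so that stale CAB Approval members are reported rather than silently retained.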