10-28-2019 03:56 AM
Hi there,
I've activated the read only role in our test and dev instances but wanted to know what's the best way to apply this role to all users except admins.
I've found this script on the doc site to add a role to every user, so I now need to edit this to exclude admins...
var gr = new GlideRecord("sys_user");
gr.query();
while (gr.next()) {
    // Only touch users whose accumulated roles do not already include self_service
    if (gr.accumulated_roles.toString().indexOf(",self_service,") == -1) {
        gr.roles = gr.roles + ",self_service";
        gr.update();
    }
}
Thanks,
Alex

10-28-2019 04:37 AM
I just tested with below code. Maybe it could be done smarter, but this was the idea I just got.
Note, add a group "Read only" first + attach the snc_read_only role to that group. Copy the sys_id of the Read only group into the script. (0a73bdda37638700a4d212c543990ed4 is my sys_id for the Read only group)
// Select active users whose roles field is not 'admin'
var grUser = new GlideRecord('sys_user');
grUser.addQuery('roles', '!=', 'admin');
grUser.addActiveQuery();
grUser.setLimit(10); // process at most 10 users per run
grUser._query();
while (grUser._next()) {
    // Insert a group membership row linking this user to the Read only group
    var grMember = new GlideRecord('sys_user_grmember');
    grMember.initialize();
    grMember.setValue('user', grUser.getUniqueValue());
    grMember.setValue('group', '0a73bdda37638700a4d212c543990ed4');
    grMember.insert();
}
If my answer helped you in any way, please then mark it as helpful.
Kind regards,
Mark
---
LinkedIn
Community article list
Kind regards,
Mark Roethof
Independent ServiceNow Consultant
10x ServiceNow MVP
---
~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field
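Added example, not part of the thread and not ServiceNow's own code: a variant of the group approach above that reads admin assignments from sys_user_has_role, skips users who are already members of the group, and supports a dry run. The function name, the injected GR constructor parameter and the dryRun flag are assumptions made for this example; in a background script, pass GlideRecord as GR and the sys_id of your own Read only group.

```javascript
// Added example. Assumption: admin status is looked up in sys_user_has_role
// (one row per user/role pair, including inherited rows) instead of the
// sys_user.roles field.
// GR is the GlideRecord constructor; groupSysId is the Read only group's sys_id.
function addNonAdminsToGroup(GR, groupSysId, dryRun) {
    // 1. Collect the sys_id of every user that holds the admin role.
    var admins = {};
    var hasRole = new GR('sys_user_has_role');
    hasRole.addQuery('role.name', 'admin');
    hasRole.query();
    while (hasRole.next()) {
        admins[hasRole.getValue('user')] = true;
    }

    // 2. Collect current members so a rerun does not insert duplicate rows.
    var members = {};
    var existing = new GR('sys_user_grmember');
    existing.addQuery('group', groupSysId);
    existing.query();
    while (existing.next()) {
        members[existing.getValue('user')] = true;
    }

    // 3. Add every active user that is neither an admin nor already a member.
    var added = [];
    var user = new GR('sys_user');
    user.addActiveQuery();
    user.query();
    while (user.next()) {
        var id = user.getUniqueValue();
        if (admins[id] || members[id]) {
            continue;
        }
        if (!dryRun) {
            var member = new GR('sys_user_grmember');
            member.initialize();
            member.setValue('user', id);
            member.setValue('group', groupSysId);
            member.insert();
        }
        added.push(id);
    }
    return added; // sys_ids that were (or, in a dry run, would be) added
}
```

Run it once with dryRun set to true and review the returned sys_ids before letting it insert membership rows.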
10-28-2019 04:12 AM
Hi,
If you give that to admins also, basically all users in the instance will have read only access and nobody will be able to change it in future if/when needed.
-Anurag

10-28-2019 04:13 AM
Hi there,
You could indeed add a role directly to a user (not best practice). Then you would need to query which users have an admin role already. Or maybe your admin users are already identifiable by name, something like Name (ADM)?
You could also create a group, "Read Only", add the read only role to the group, and just add all users except admins to that group.
Question: Is it really about making all users have Read only on top of their current rights? Or is it about something else? If about Read only, then you should use role "snc_read_only".
If my answer helped you in any way, please then mark it as helpful.
Kind regards,
Mark
10-28-2019 04:27 AM
Hi Mark,
Thanks for your quick response.
It's about users not being able to add/insert/edit/delete and have a view only role.
To give you a bit of background, our test instance used to be our production instance and we recently implemented a new out-of-the-box instance as production. A few people will still need access to it to move data across, such as knowledge articles, but what I don't want is people accessing the old instance to log tickets etc.
So ideally I want all users to have the snc_read_only role, apart from a few: anyone with the admin role.
Hope this makes sense.
Thanks again,
Alex
