Apply read only role to all users except admins

Alex Saager · ‎10-28-2019

Hi there,

I've activated the read only role in our test and dev instances but wanted to know whats the best way to apply this role to all users except admins.

I've found this script on the doc site to add role to every user, so I now need to edit this to exclude admins...

var gr = new GlideRecord("sys_user");
gr.query(); 
while(gr.next()) { 
   if (gr.accumulated_roles.toString().indexOf(",self_service,") == -1) {
    gr.roles = gr.roles + ",self_service";
    gr.update(); 
  } 
}

Thanks,

Alex

Mark Roethof · ‎10-28-2019

I just tested with below code. Maybe it could be done smarter, but this was the idea I just got.

Note, add a group "Read only" first + attach the snc_read_only role to that group. Copy the sys_id of the Read only group into the script. (0a73bdda37638700a4d212c543990ed4 is my sys_id for the Read only group)

var grUser = new GlideRecord('sys_user');
grUser.addQuery('roles', '!=', 'admin');
grUser.addActiveQuery();
grUser.setLimit(10);
grUser._query();

while(grUser._next()) {
	var grMember = new GlideRecord('sys_user_grmember');
	grMember.initialize();
	grMember.setValue('user', grUser.getUniqueValue());
	grMember.setValue('group', '0a73bdda37638700a4d212c543990ed4');
	grMember.insert();
}

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark

---

LinkedIn
Community article list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

View solution in original post