Cannot remove roles for users that are "inherited", but the Role Inheritance Map shows no parent for the role.

Adam Geil
Kilo Sage

We are preparing to deploy CSM. An update set was pushed from dev to test. Now a large subset of users have been assigned the following roles:

  • snc_external
  • sn_apptmnt_booking.appointment_booking_user
  • sn_customerservice.customer
  • sn_esm_user
  • task_activity_reader

These roles are listed as Inherited, but the Role Inheritance Map does not show a parent, so they cannot be removed. I attempted to delete the sys_user_has_role record for these, but I do not have the option to delete (using admin role).


Steps to reproduce:
Initially, these individuals had the sn_customerservice.customer and sn_customerservice.customer_case_manager roles. I removed these roles, but the child roles listed above remained tied to the user accounts. I attempted to delete the sys_user_has_role records for these users/roles, but I don’t have the option to delete the record despite my account having the admin, user_admin, and security_admin roles.

1 ACCEPTED SOLUTION

Hey Allen,

I appreciate your suggestions!  

The final resolution was that HI had to run the above script for each sys_user_has_role record using their "maint" role in order to remove these orphaned child roles (this is what I'm referring to them as). 

We weren't able to find root cause, but I suspect it is tied to me moving an update set up to test out of order.

View solution in original post

18 REPLIES 18

Ashutosh Munot1
Kilo Patron
Kilo Patron

Hi,

Are you sure, this roles where part of this two roles? I think they are assigned by other roles as well.

If not then you need to write a fix script and then delete this entries using script.


Thanks,
Ashutosh

Adam Geil
Kilo Sage

Hi Ashutosh,

I believe you're correct, these roles are assigned by other roles as well, but in this instance, the users in question only appear to have been assigned the sn_customerservice.customer and sn_customerservice.customer_case_manager roles.

I'm still pretty new to fix scripts. I tried running the following, but it wasn't successful:

var userRole = new GlideRecord("sys_user_has_role");
userRole.get(userRoleSysID);
userRole.deleteRecord();

HI,

Try this:

var userRole = new GlideRecord("sys_user_has_role");
userRole.addQuery('role','PUT SYS ID OF ROLE');
userRole.addQuery('user','PUT SYS ID OF USER FOR WHICH ROLE NEEDS TO BE REMOVED');
userRole.query();
if(userRole.next()){
userRole.deleteRecord();
}


Thanks,
Ashutosh

Hey Ashutosh, unfortunately this didn't work.