- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-15-2020 01:14 PM
We are preparing to deploy CSM. An update set was pushed from dev to test. Now a large subset of users have been assigned the following roles:
- snc_external
- sn_apptmnt_booking.appointment_booking_user
- sn_customerservice.customer
- sn_esm_user
- task_activity_reader
These roles are listed as Inherited, but the Role Inheritance Map does not show a parent, so they cannot be removed. I attempted to delete the sys_user_has_role record for these, but I do not have the option to delete (using admin role).
Steps to reproduce:
Initially, these individuals had the sn_customerservice.customer and sn_customerservice.customer_case_manager roles. I removed these roles, but the child roles listed above remained tied to the user accounts. I attempted to delete the sys_user_has_role records for these users/roles, but I don’t have the option to delete the record despite my account having the admin, user_admin, and security_admin roles.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-20-2020 06:10 AM
Hey Allen,
I appreciate your suggestions!
The final resolution was that HI had to run the above script for each sys_user_has_role record using their "maint" role in order to remove these orphaned child roles (this is what I'm referring to them as).
We weren't able to find root cause, but I suspect it is tied to me moving an update set up to test out of order.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-15-2020 01:24 PM
Hi,
Are you sure, this roles where part of this two roles? I think they are assigned by other roles as well.
If not then you need to write a fix script and then delete this entries using script.
Thanks,
Ashutosh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-15-2020 01:42 PM
Hi Ashutosh,
I believe you're correct, these roles are assigned by other roles as well, but in this instance, the users in question only appear to have been assigned the sn_customerservice.customer and sn_customerservice.customer_case_manager roles.
I'm still pretty new to fix scripts. I tried running the following, but it wasn't successful:
var userRole = new GlideRecord("sys_user_has_role");
userRole.get(userRoleSysID);
userRole.deleteRecord();

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-15-2020 02:00 PM
HI,
Try this:
var userRole = new GlideRecord("sys_user_has_role");
userRole.addQuery('role','PUT SYS ID OF ROLE');
userRole.addQuery('user','PUT SYS ID OF USER FOR WHICH ROLE NEEDS TO BE REMOVED');
userRole.query();
if(userRole.next()){
userRole.deleteRecord();
}
Thanks,
Ashutosh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-15-2020 02:18 PM
Hey Ashutosh, unfortunately this didn't work.