Help assigning a role to all users simultaneously with script.

Gemma4 · ‎09-20-2023

Hi everyone,

I have a role that is used in a catalog item and I need to grant all users access to this role; so everyone in the company can access this catalog item. (the role determines when variables are required and only users with the pm manager role will not have the variables required.

Can someone help me with a script to grant all users access to this pm_user role?

Thanks so much!

Gemma4 · ‎09-20-2023

By the way, I tried the following background script and the user record is not updating with the role but is showing empty. See attached and below. thanks!!

var gr = new GlideRecord("sys_user");

gr.query();

while(gr.next()) {

var grrole = new GlideRecord("sys_user_has_role");

grrole.initialize();

grrole.user = gr.sys_id ;

grrole.role = '1d6b7b83971131102ab77d100153af97';

grrole.insert();

}

Sandeep Rajput · ‎09-20-2023

@Gemma4 I ran the same script (changing the sys_id based on my instance) and it worked fine for me. It appears to me that the sys_id which you have for your role pm_manager is incorrect and hence it is creating a dead reference. Please find the correct sys_id for pm_manager role in sys_user_role table and replace the same in the script.

Also, assigning the role directly to all the users doesn't sound appropriate to me. Ideally, you should have assigned the roles via a group.

Since in your updated implementation to make the variables required for ALL users and not just those with the role, you could have simply removed the role check from your UI Policy script, the assignment of pm_manager role to all the users would have not been needed in that case.

Gemma4 · ‎09-21-2023

Hi @Sandeep Rajput

I'm not clear on what you mean by the following "Since in your updated implementation to make the variables required for ALL users and not just those with the role, you could have simply removed the role check from your UI Policy script, the assignment of pm_manager role to all the users would have not been needed in that case."

So far what I've done

is export the sys_users

formatted list to include group name

Imported list in Table sys_user_grmember
Verified New names appear in group

Is this a bad approach?

What I still am not clear on is how to ensure new users will have the role? Is there a way to do a scheduled job for this?

thanks for any feedback you can provide

Sandeep Rajput · ‎09-21-2023

@Gemma4 I was referring to one of your replies where you have mentioned 'Today I was asked to still follow all the requirements above, but to make the variables required for ALL users and not just those with the role. ' I am assuming that the role check for pm_manager can be removed from your script as the variables needed to be made required for all the users and not just for the users with pm_manager role.

Regarding question on pm_manager role, it can be easily assigned to the new users by simply creating an After Insert business rule on sys_user table. However, I urge you to reconsider your approach of assigning pm_manager role to all the users on your instance.