Inherited roles not deleted when user removed from group

martinsk
Mega Expert

Hi

This issue relates to roles which have been inherited by a user via membership of a group, which are then not deleted when that user is removed from the group membership.

Previously, I was able (as advised elsewhere in the Community) to export the records from table 'sys_user_has_role' to an XML file, then change the 'inherited' attribute to false, and then import the amended XML file back into ServiceNow. In Jakarta this worked.

In London, when I attempt to import the amended XML file into the system, I get the error 'Skipping record for table sys_user_has_role and id ************************** - permission denied'.

I have the admin role; I have used Elevate Roles; I have even disabled all write access controls on the sys_user_has_role table. I still get the error.

Any help with this would be much appreciated.

Martin

5 REPLIES

sachin_namjoshi
Kilo Patron

This error is coming from the OOB platform API.

You can configure a business rule on the sys_user_grmember table on DELETE to delete roles from sys_user_has_role table records.

Regards,

Sachin

djohnson1
Mega Guru

Martinsk,

It appears there was a dictionary entry update on the Inherited column, specifically the sys_dictionary.read_only option is selected. You can disable this option and should be able to follow the same process.

Thanks, 

Derrick Johnson

Thanks for your reply.

I did uncheck the read-only attribute on this and the other read-only fields in this table, but unfortunately it still gives the same error message.

I may need to contact ServiceNow Support about this one.

Martin

Slava Savitsky
Giga Sage

The fact that you cannot modify those records is most likely related to the Contextual Security: Role Management V2 (com.glide.role_management.inh_count) plugin, formerly known as the Contextual Security: Role Management Enhancements plugin. Its purpose is to prevent duplicate entries in the sys_user_has_role table for inherited roles.

If you have not made any customization to the out-of-the-box role assignment logic, I would suggest reaching out to ServiceNow Technical Support in order to find out the cause of the issue rather than resorting to risky workarounds.