Unable to remove roles from Users who have inherited them.

tom_hs2
Kilo Contributor

Hi All,

I am a system admin using ServiceNow Istanbul. I have some users who have left the business and who consumed fulfiller roles. They were assigned those roles through association with the group they were placed in. Upon taking them out of that group, it hasn't removed their roles. I then try to remove them manually, but it will not let me. This only seems to happen when the roles are showing as Inherited = true.

I go into the edit section on roles (one user has 22 roles) and absolutely no roles appear to transfer from selected back to available.

Some of the users have no real dependencies, so removing the roles from them would not cause any issues. I do not want to log a customer support call every time I want to do some housekeeping with users who have left the company.

Thanks in advance for your help.

Tom

1 ACCEPTED SOLUTION

aldred
Kilo Expert

I was suffering from the same issue as yourself, a user that despite not being in any groups was still inheriting roles (30 in my case) and was unable to remove them.

 

I was able to work around this as follows:

 

1. Navigate to the "sys_user_has_role" table as already mentioned in this thread.

2. Filter the results down to the username affected.

3. Export the list as an XML file.

4. Using your XML editor of choice, locate the "<inherited>true</inherited>" entry and replace it with "<inherited>false</inherited>".

5. Save the changes and import the XML file back into the sys_user_has_role table.

6. You should now be able to freely delete the roles from the user.

 

I double-checked to ensure that this caused no obvious errors and confirmed that the user was no longer able to access the applications associated with the removed roles.

 

Hope this helps.


32 REPLIES 32

Edxavier Robert
Mega Sage

Hi @tom_hs2, check this code to remove roles from the sys_user_has_role table. It converts any inherited flag to false, and then you can add the roles that you want to remove. I created this under Scheduled Jobs to run every day. It removes the roles for inactive users, but you can modify the query.

 

// Code to remove Base_User_Role and Read_Only_Requested_Items from users that are inactive

// Query the sys_user table for inactive users only
var userlist = new GlideRecord('sys_user');
userlist.addQuery('active', 'false');
userlist.query();
while (userlist.next()) {
    var userId = userlist.getUniqueValue();

    // Set inherited to false on every role record of this user; an inherited
    // role record cannot be deleted, so this is what makes the deletes below work
    var grRemove = new GlideRecord('sys_user_has_role');
    //grRemove.addQuery('role.name', 'Base_User_Role');
    grRemove.addQuery('user', userId); // users are inactive, so clear inherited on all their records
    grRemove.query();
    while (grRemove.next()) {
        grRemove.setValue('inherited', false);
        grRemove.update();
    }

    // Add all the roles that you need to remove
    // Delete the Base_User_Role record
    var grRemove1 = new GlideRecord('sys_user_has_role');
    grRemove1.addQuery('role.name', 'Base_User_Role');
    grRemove1.addQuery('user', userId);
    grRemove1.query();
    while (grRemove1.next()) {
        // deleteRecord() removes the current row only; deleteMultiple() would delete
        // every row matching the query and must not be called inside a next() loop
        grRemove1.deleteRecord();
    }

    // Delete the Read_Only_Requested_Items record
    var grRemove2 = new GlideRecord('sys_user_has_role');
    grRemove2.addQuery('role.name', 'Read_Only_Requested_Items');
    grRemove2.addQuery('user', userId);
    grRemove2.query();
    while (grRemove2.next()) {
        grRemove2.deleteRecord();
    }

    gs.log(userlist.getValue('name') + " had the Base User Role and Read_Only_Requested_Items, but they were removed.");
}

// To verify the log, go to the filter navigator and type "script log statements"
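Before flipping `inherited` and deleting, it helps to know which inherited rows are actually orphaned rather than clearing all of them. As an added example (not code from this thread), the in-memory model below shows the decision: a user's justified roles are their direct grants plus the roles of the groups they are still in, expanded through role containment (sys_user_role_contains), and any inherited sys_user_has_role row outside that set is the leftover to remove. Table and field names follow ServiceNow; the rows and sys_ids are constructed, and in an instance each array lookup would be a GlideRecord query.

```javascript
// Added example (not from this thread): find the inherited sys_user_has_role rows
// of a user that are no longer backed by a group membership or role containment.
// All rows below are constructed; each array stands in for the named table.

const sysUserGrmember = [           // sys_user_grmember: user -> group
  { user: "alice", group: "itil_team" },
];
const sysGroupHasRole = [           // sys_group_has_role: group -> role
  { group: "itil_team", role: "itil" },
  { group: "fulfillers", role: "catalog" },       // alice was removed from this group
];
const sysUserRoleContains = [       // sys_user_role_contains: role -> contained role
  { role: "itil", contains: "task_editor" },
  { role: "task_editor", contains: "template_editor" },
  { role: "approver_user", contains: "approver_reader" },
];
const sysUserHasRole = [            // sys_user_has_role rows that still exist for alice
  { user: "alice", role: "itil",            inherited: true },
  { user: "alice", role: "task_editor",     inherited: true },
  { user: "alice", role: "template_editor", inherited: true },
  { user: "alice", role: "catalog",         inherited: true },  // left over from fulfillers
  { user: "alice", role: "approver_user",   inherited: false }, // direct grant
  { user: "alice", role: "approver_reader", inherited: true },  // contained in the direct grant
];

// Roles the user legitimately holds: direct grants plus roles of current groups,
// expanded transitively through role containment.
function justifiedRoles(user) {
  const groups = sysUserGrmember.filter(m => m.user === user).map(m => m.group);
  const queue = sysGroupHasRole.filter(g => groups.includes(g.group)).map(g => g.role);
  sysUserHasRole.filter(r => r.user === user && !r.inherited).forEach(r => queue.push(r.role));
  const seen = new Set();
  while (queue.length > 0) {
    const role = queue.pop();
    if (seen.has(role)) continue;
    seen.add(role);
    sysUserRoleContains.filter(c => c.role === role).forEach(c => queue.push(c.contains));
  }
  return seen;
}

// Inherited rows with no remaining justification; these are the ones to set
// inherited=false on and delete. Direct grants are never touched.
function orphanedInheritedRoles(user) {
  const justified = justifiedRoles(user);
  return sysUserHasRole
    .filter(r => r.user === user && r.inherited && !justified.has(r.role))
    .map(r => r.role);
}
```

With the constructed rows only `catalog` is reported, because alice is no longer in the `fulfillers` group, while the roles reached through `itil` and through her direct `approver_user` grant are kept.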
 

 

Hi Robert,
It helped me to remove those unlinked roles.

vijayakolli
Tera Contributor
// Select the sys_user_has_role records that should be removed
var roleRecord = new GlideRecord("sys_user_has_role");
roleRecord.addEncodedQuery('<add inactive / deleted role record query>');
roleRecord.query();

gs.print("roleRecord " + roleRecord.getRowCount());
while (roleRecord.next()) {
    // Clear the inherited flag first, otherwise the delete is refused
    roleRecord.setValue('inherited', false);
    roleRecord.update();
    roleRecord.deleteRecord();
}