Using flow studio, what action to use to add/remove roles as per request type?
12-07-2024 12:06 AM
Hi! I just want to know how to do: If Request Type is Remove Access or Remove All Access, automatically remove the role/s, then set the RITM state to Closed Complete.
My flow is as follows as per the other requirements:
12-07-2024 03:15 AM - edited 12-07-2024 03:15 AM
Hi!
You can use a "Script Step" in Flow Designer instead of a "Delete Record" action, allowing you to execute the script to remove the groups and roles.
Add a script step after your group removal step to handle the role deletion.
☑️ Please mark responses as HELPFUL or ACCEPT SOLUTION to assist future users in finding the right solution....
12-07-2024 03:43 AM - edited 12-07-2024 04:27 AM
You never want to delete sys_user_has_role by script, ever ever ever.
You don't need a script step because there's a Delete Record action.
Also, "Script Step" is only available when building a custom Flow Action, which isn't necessary here given the existence of Delete Record.
12-07-2024 03:32 AM - edited 12-07-2024 03:42 AM
Are we talking about ServiceNow roles here? If so, let's review a best practice.
ALWAYS associate roles to an assignment group, then manage assignment group membership.
NEVER (almost never) associate roles directly to users.
Second, I'd make two separate requests. One to add and one to remove from group.
I can imagine both needing more flow considerations than just record creation/removal. You might want to give someone onboarding / training materials on add. You might want to do other activities (like ticket assignment reconciliation on removal). Also, on removal you want to present ONLY the groups they're already a part of.
You also have to decide between simple and complex order entry.
Simple: Add Bob to GroupX
Complex: Add Bob to GroupX, Y, and Z
To keep this short and readable, let's handle the complex case in a separate reply. Here's the simple method.
ADD USER TO GROUP (SIMPLE)
Variables: user, group
Flow:
1 Get variables
2 Ask for Approval (from manager of the group variable)
3 If approved
4 -- Create Record (group membership where group = group variable, user = user variable)
5 Else
6 -- Do something to let user know it wasn't approved.
7 Update Record (RITM to set state complete)
If you wanted to get REAL fancy, you could insert a Look Up to make sure the user isn't already in the group and have some way of reacting to that info.
REMOVE USER FROM GROUP (SIMPLE)
Variables: user, group (with reference qualifier to show only groups user is in)
Flow:
1 Get variables
2 Ask for Approval (from manager of the group variable)
3 If Approved
4 -- Look Up Record (group membership where group = variable group and user = variable user)
5 -- Delete Record (from 3.1 lookup)
6 Else
7 -- Do something to let user know it wasn't approved.
8 Update Record (RITM to set state complete)
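
Added example, not part of the thread or of any poster's code: a sketch of the two read-only checks the flows above rely on, the reference qualifier that offers only groups the user is already in and the "already a member?" lookup before Create Record. The helper names, the sample rows and the `FakeGlideRecord` stand-in are assumptions made so it runs outside an instance; on an instance the platform's `GlideRecord` would be passed in, and the syntax assumes a script engine that accepts modern JavaScript.

```javascript
// Constructed sample rows standing in for the sys_user_grmember table.
const SAMPLE_MEMBERSHIPS = [
  { user: 'u_bob', group: 'g_x' },
  { user: 'u_bob', group: 'g_y' },
  { user: 'u_amy', group: 'g_x' },
];

// In-memory stand-in for the few GlideRecord methods used below, so the
// example runs outside an instance. On an instance, pass GlideRecord instead.
class FakeGlideRecord {
  constructor(table) { this.table = table; this.filters = {}; this.rows = []; this.pos = -1; }
  addQuery(field, value) { this.filters[field] = value; }
  query() {
    this.rows = SAMPLE_MEMBERSHIPS.filter((row) =>
      Object.keys(this.filters).every((f) => row[f] === this.filters[f]));
  }
  next() { this.pos += 1; return this.pos < this.rows.length; }
  getValue(field) { return this.rows[this.pos][field]; }
}

// Hypothetical helper: reference qualifier for the "group" variable on the
// removal item, limiting choices to groups the selected user belongs to.
function groupQualifierFor(userSysId, GR = FakeGlideRecord) {
  if (!userSysId) return 'sys_id=-1'; // no user selected yet: match no group
  const gr = new GR('sys_user_grmember');
  gr.addQuery('user', userSysId);
  gr.query();
  const groups = [];
  while (gr.next()) groups.push(gr.getValue('group'));
  // Encoded query over sys_user_group; fall back to "match nothing" when empty.
  return groups.length ? 'sys_idIN' + groups.join(',') : 'sys_id=-1';
}

// Hypothetical helper: the pre-check before Create Record on the add item,
// so a repeated request does not create a duplicate membership row.
function isAlreadyMember(userSysId, groupSysId, GR = FakeGlideRecord) {
  const gr = new GR('sys_user_grmember');
  gr.addQuery('user', userSysId);
  gr.addQuery('group', groupSysId);
  gr.query();
  return gr.next();
}

console.log(groupQualifierFor('u_bob'));
console.log(isAlreadyMember('u_amy', 'g_y'));
```

Both helpers only read membership rows; the create and delete steps stay with the Create Record and Delete Record actions in the flow.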