Remove Users if No activity in Service-Now
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2023 06:46 AM
Hello all,
I want to remove ITIL role for all the users who has not logged into Service-now for more than 90 days.
Can someone tell me how to do this?
Regards,
Lucky
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2023 06:49 AM
Hi @Lucky1 ,
If you're simply looking at removing access, you could set up a business rule looking at the last login time on the sys_user table, which simply marks an account as inactive past that 90 day mark.
If you're then using Subscription User Sets to track your licenses, you can use the Active field as a condition of being in the set.
We're currently in the process of implementing something similar, but just want to strip any itil access (rather than all access) off anybody who hasn't logged in for 90 days, to that effect, we've just set up a Scheduled job based on that last login time that strips the role and populates it into a new custom table, so we could restore things with a simple UI action that we've set up.
You can try Below:
Goal 1: Email those users to say they need to log in or we're going to take away their access.
-
I can pull a report for these users but I'm not sure how to trigger the notification for 30 days from their last login date. I've read all over about "create an event" and associating it with a business rule but everything i've read is high-level and I dont know enough to just go do it
-
Create an event in System Policy\Events\Registry
-
Name: user.loggedin
-
Table: sys_user
-
then what?
-
-
Create a notification in System Notification\Email\Notifications
-
Name: 30 Day No Login
-
Table: sys_user
-
Sen when: event is fired
-
Event: user.loggedin
-
Conditions: Last Login relative over 30 days ago?
-
Goal 2: Remove the idle users from the ITIL role (or remove their groups) after 45 days of inactivity.
-
We have some automated accounts that i dont want to break and would like to exclude them from this. I have a script that I can run daily to blow away their roles but i dont know how to exclude these specific accounts.
-
Script nabbed from elsewhere is:
var gr= new GlideRecord('sys_user');
gr.addEncodedQuery('active=true^last_loginRELATIVELT@dayofweek@ago@45'); // this gets all the users who are active and last logged in 45d ago
gr.query();
while(gr.next()){
var gr2= new GlideRecord('sys_user_grmember');
gr2.addQuery('user',gr.sys_id);
gr2.query();
gr2.deleteMultiple(); //deletes the user from the groups
var gr1= new GlideRecord('sys_user_has_role');
gr1.addQuery('user',gr.sys_id);
gr1.query();
gr1.deleteMultiple(); // deletes all the roles the user have
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2023 07:05 AM
@Lucky1 Create a scheduled job which runs daily and do a glide record to sys_user table. get the last login field and compare it with the current date. If the last login date is older than 90 days then set the active=false for that user.
Let me know if you need the script.
