
Roles Not Removing from User

yana7
Tera Contributor

I'm trying to remove roles from a user, but they're not being removed.

  1. [Image 1] This is the user I want to remove roles from.


  2. [Image 2] I've removed the roles in the Edit Role section and saved.


  3. [Image 3] The roles are still listed in the Related list tab.


When I check the User tab from the Role itself, the user account is still there.


What should I do to remove the roles?

1 ACCEPTED SOLUTION

Hi @yana7 ,

 

Please try the below in background script:

var userRole = new GlideRecord('sys_user_has_role');
// Replace with the sys_id of the role relationship record in the [sys_user_has_role] table
if (userRole.get('61737f1bc36602103869d64d050131ee')) {
    userRole.inherited = false; // Must be set to false first; only then can the record be deleted
    userRole.update();
    userRole.deleteRecord();
} else {
    // Guard: never call update() on a record that was not loaded
    gs.info('sys_user_has_role record not found');
}

 

The highlighted sys_id is what you need to replace in the above code as per your requirement.


 

Note: Please try this in non-prod first and check; it is not recommended to run background scripts in Prod.

 

 

Mark this as Helpful / Accept the Solution if this helps

 

 


13 REPLIES

zackss
Tera Contributor

Hello @yana7 ,

 

It seems that Dedy has a group, have you checked if that group is the one containing the role?

 

Regards,

Zack

yana7
Tera Contributor

The group had no role.

Dr Atul G- LNG
Tera Patron

Hi @yana7 

 

As per best practice, a role is never assigned to a user directly, and along the same lines, when you want to remove the role, remove the role from the group first and then it will get removed from the user profile.

*************************************************************************************************************
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.

Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]

****************************************************************************************************************

Bert_c1
Kilo Patron

Hi @yana7

 

If you have the "Contextual Security: Role Management V2" plugin activated (activated on instances for some time now), then there is a fix script ServiceNow Support can run to identify any inheritance errors and correct that aspect. If you don't have that plugin, activate it.

 

If a role was added to a user directly (not best practice as stated above), then an admin user should be able to delete the record. Once the sys_user_has_role table has been cleaned up, avoid adding roles directly (although still possible) and do that using groups. For sys_user_has_role records you can add the 'Inheritance map' column to a list view and see how that user inherited the role.
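An added example, not part of the thread and not ServiceNow's own code: a read-only triage that classifies a user's sys_user_has_role rows by where each grant comes from, so a role can be removed at its source (group or parent role) and only direct grants are deleted as rows. The column names, the `classifyGrant`, `triage` and `loadRows` helpers, and the sample rows are assumptions made for illustration.

```javascript
// Added example (ES5, background-script style): read-only triage of role grants.
// Column names (role, inherited, granted_by, included_in_role) are assumptions
// about sys_user_has_role; confirm them in your instance's dictionary.

// Classify one grant, given as a plain object, by where it has to be removed.
function classifyGrant(row) {
    if (row.granted_by) {
        return { role: row.role, source: 'group', fixAt: 'group: ' + row.granted_by };
    }
    if (row.included_in_role) {
        return { role: row.role, source: 'contained', fixAt: 'parent role: ' + row.included_in_role };
    }
    if (row.inherited) {
        // Flagged inherited but no source recorded: candidate inheritance error.
        return { role: row.role, source: 'orphaned', fixAt: 'investigate before deleting' };
    }
    return { role: row.role, source: 'direct', fixAt: 'delete this row' };
}

function triage(rows) {
    return rows.map(classifyGrant);
}

// Loader for use inside an instance; defined here but never called, so the
// block also runs outside ServiceNow against the constructed rows below.
function loadRows(userSysId) {
    var rows = [];
    var gr = new GlideRecord('sys_user_has_role');
    gr.addQuery('user', userSysId);
    gr.query();
    while (gr.next()) {
        rows.push({
            role: gr.getDisplayValue('role'),
            inherited: gr.getValue('inherited') === '1',
            granted_by: gr.getDisplayValue('granted_by'),
            included_in_role: gr.getDisplayValue('included_in_role')
        });
    }
    return rows;
}

// Constructed sample rows, not taken from the thread.
var SAMPLE_ROWS = [
    { role: 'itil', inherited: true, granted_by: 'Service Desk', included_in_role: '' },
    { role: 'approver_user', inherited: true, granted_by: '', included_in_role: 'itil' },
    { role: 'knowledge', inherited: true, granted_by: '', included_in_role: '' },
    { role: 'catalog_admin', inherited: false, granted_by: '', included_in_role: '' }
];
var REPORT = triage(SAMPLE_ROWS);
```

Inside an instance, pass the user's sys_id to `loadRows` and feed the result to `triage`; nothing in the block writes to the table.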

yana7
Tera Contributor

This is the inheritance map for user Dedy's roles


 

 

This is the map for another user.
