Roles Not Removing from User

Go to solution
yana7
Tera Contributor

‎06-27-2024 09:08 PM

I'm trying to remove roles from a user, but they're not being removed.

  1. [Image 1] This is the user I want to remove roles from.

    yana7_3-1719547173800.png

     

  2. [Image 2] I've removed the roles in the Edit Role section and saved.

    yana7_4-1719547191895.png

     

  3. [Image 3] The roles are still listed in the Related list tab.

    yana7_5-1719547211477.png

     

When I check the User tab from the Role itself, the user account is still there.

yana7_6-1719547231708.png

yana7_8-1719547295090.png

What should I do  to Remove Roles?

0 Helpfuls
  • 2,839 Views
1 ACCEPTED SOLUTION

Go to solution
SN_Learn
Kilo Patron
In response to yana7

‎06-30-2024 11:41 PM

Hi @yana7 ,

 

Please try the below in background script:

var userRole = new GlideRecord('sys_user_has_role');
userRole.get('61737f1bc36602103869d64d050131ee'); //Replace SysId of the role relationship in the [sys_user_has_role] table
userRole.inherited = false; //Updating it to false, then only we will be able to delete it.
userRole.update();
userRole.deleteRecord();

 

Highlighted sys_id is what you need to replace in the above code as per your requirement

SN_Learn_0-1719815887609.png

 

Note: Please try in non prod first and check and it is not recommended to run background script in Prod.

 

 

Mark this as Helpful / Accept the Solution if this helps

 

 

----------------------------------------------------------------
Mark this as Helpful / Accept the Solution if this helps.

View solution in original post

13 REPLIES 13

Go to solution
zackss
Tera Contributor

‎06-27-2024 10:46 PM

Hello @yana7 ,

 

It seems that Dedy has a group, have you checked if that group is the one containing the role?

 

Regards,

Zack

0 Helpfuls

Go to solution
yana7
Tera Contributor
In response to zackss

‎06-30-2024 07:39 PM

the group had no role

0 Helpfuls

Go to solution
Dr Atul G- LNG
Tera Patron

‎06-28-2024 02:45 AM

Hi @yana7 

 

As per best practice,   a role never assigned to a user directly , and in same line when you want to remove the role, remove the role from group first and then it will get removed from user profile. 

*************************************************************************************************************
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/dratulgrover [ Connect for 1-1 Session]

****************************************************************************************************************

Go to solution
Bert_c1
Kilo Patron

‎06-29-2024 11:48 AM

HI @yana7

 

If you have the "Contextual Security: Role Management V2" plugin activated (activated on instances for some time now). Then there is a fix script Servcenow Support can run to identify any inheritance errors, and correct that aspect. If you don't have that plugin, activate it.

 

 If a role was added to a user directly (not best practice as stated above) then admin user should be able to delete the record.  Once the sys_user_has_role table has been cleaned up, avoid adding roles directly (although still possible) and do that using groups. for sys_user_has_role records you can add the 'Inheritance map' column to a list view and see how that user inherited the role.

0 Helpfuls

Go to solution
yana7
Tera Contributor
In response to Bert_c1

‎06-30-2024 09:16 PM

This is the inheritance map for user Dedy's roles

yana7_1-1719807215503.png

 

 

his is the map for another user.

yana7_0-1719807182101.png

 

0 Helpfuls