Who should have an ITIL access?

nebiata
Tera Expert

‎05-18-2023 11:40 AM

We are almost over the limit regarding ITIL license and I am trying to figure out if we can reduce users who have an itil access but not using it that often.

0 Helpfuls
  • 838 Views
4 REPLIES 4

Amit Gujarathi
Giga Sage
Giga Sage

‎05-18-2023 11:59 AM

Hi @nebiata ,
I trust you are doing great.

Identify users with ITIL access: You can use the ServiceNow User table to fetch a list of users who have been granted ITIL access. In the ServiceNow platform, the User [sys_user] table contains user information.

Here's an example of a ServiceNow query to retrieve users with ITIL access:

 

var userGr = new GlideRecord('sys_user');
userGr.addQuery('itil_role', true);
userGr.query();
while (userGr.next()) {
    gs.print('User: ' + userGr.name + ', ITIL Access: ' + userGr.itil_role);
}

 

Determine user activity: Once you have the list of users with ITIL access, you need to assess their activity level to identify those who are not using it frequently. This can be achieved by analyzing user login records and their interaction with ITIL-related functionalities.

Here's an example of a ServiceNow query to retrieve user login activity:

 

var userLoginGr = new GlideRecord('sys_user_login');
userLoginGr.addQuery('user', 'IN', 'sys_id1, sys_id2, ...'); // Replace sys_id1, sys_id2 with actual user sys_ids
userLoginGr.orderByDesc('login_time');
userLoginGr.setLimit(1);
userLoginGr.query();
if (userLoginGr.next()) {
    gs.print('Last login time for user: ' + userLoginGr.user.name + ' is ' + userLoginGr.login_time);
}

 

  1. By analyzing login records, you can identify users who haven't logged in for a significant period.

  2. Review and revoke ITIL access: Once you have identified users who have ITIL access but don't use it frequently, you can review their activity and decide whether to revoke their ITIL access. This can be done by removing the ITIL role from their user profiles.

    Here's an example of how to remove the ITIL role from a user in ServiceNow:

 

var userGr = new GlideRecord('sys_user');
userGr.addQuery('sys_id', '<user_sys_id>'); // Replace <user_sys_id> with the actual user sys_id
userGr.query();
if (userGr.next()) {
    userGr.itil_role = false;
    userGr.update();
    gs.print('ITIL access revoked for user: ' + userGr.name);
}
​

 


Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi



0 Helpfuls

tmalo
Tera Contributor

‎05-18-2023 12:01 PM

Depending on what your current Flows and Workflows look like, this could take some planning. But the short answer is only those who ever have a chance a being assign any task, should have ITIL. Approvals do not count as tasks. Please mark helpful if this helped.

0 Helpfuls

Amit Gujarathi
Giga Sage
Giga Sage

‎05-18-2023 12:06 PM

Hi @nebiata ,
I trust you are doing fine.
In our project also we are doing the same we have created a schedule job which will check if the user is not using ITIL role from last three months we rewoke it out.
And provided a self service catalog item from where they can get the access again


Was this answer helpful?


Please consider marking it correct or helpful.


Your feedback helps us improve!


Thank you!


Regards,


Amit Gujrathi



0 Helpfuls

LearnUseThrive
Mega Sage

‎05-18-2023 12:21 PM

Be careful, because you might be looking for more than just itil users. Other users can use up Fulfiller licenses as well. Check with your client account team, and also make sure to map your users and their roles to your subscription.

This is a good course. https://www.youtube.com/watch?v=QUxeEKQEksc

https://www.youtube.com/watch?v=QUxeEKQEksc
youtube.com/watch?v=QUxeEKQEksc
Join us for our new series of live sessions focused on core, foundational platform topics like Automated Test Framework (ATF), Instance Scan, Upgrade Center, Source Control and CICD, etc. This academy happens every other week Thursday (9am PDT, 6pm CEST), starting on July 8, 2021. We'll have ...
0 Helpfuls