Email notification to user with ITIL group names if user is member of those groups

Sarah Bouil · ‎07-19-2024

I need to remove ITIL role from user ''Test1'' but the ITIL role is inherited from group 'Welcome1'. In order to remove ITIL role from user I should be remove the group 'Welcome1' from user 'Test1', since ITIL is inherited from group.

so my requirement is:

1. Before I remove ITIL role from user I should be notify the user 'Test1' by sending the email and we will inform user with the message as: we are revoking the ITIL access and the group is: Welcome1, since you didn't logged in the system from last 6 months.

It just need to notify the user Test1 with ITIL group: Welcome? Kindly help me with the steps or code?

Community Alums · ‎07-19-2024

Hi @Sarah Bouil ,

Here are the steps and a script to help you achieve this:

Steps:

Query the user and their groups: Identify the user Test1 and the group Welcome1.
Check the user's last login date: Ensure the user has not logged in for the last 6 months.
Send a notification email: Inform the user that their ITIL access will be revoked and the group Welcome1 will be removed due to inactivity.
Remove the group: If the user meets the criteria, remove the group Welcome1 from the user Test1.

Script:

Here is a script you can use in ServiceNow to automate this process. You can run this script as a background script or in a Script Include.

(function() {
    // Define the user and group
    var userName = 'Test1';
    var groupName = 'Welcome1';
    var roleName = 'itil';

    // Fetch the user
    var userGR = new GlideRecord('sys_user');
    userGR.get('user_name', userName);

    if (userGR.isValidRecord()) {
        // Check the last login date
        var lastLoginDate = new GlideDateTime(userGR.last_login_time);
        var sixMonthsAgo = new GlideDateTime();
        sixMonthsAgo.addMonthsUTC(-6);

        if (lastLoginDate.before(sixMonthsAgo)) {
            // Fetch the group
            var groupGR = new GlideRecord('sys_user_group');
            groupGR.get('name', groupName);

            if (groupGR.isValidRecord()) {
                // Check if the user is in the group
                var userGroupGR = new GlideRecord('sys_user_grmember');
                userGroupGR.addQuery('user', userGR.sys_id);
                userGroupGR.addQuery('group', groupGR.sys_id);
                userGroupGR.query();

                if (userGroupGR.next()) {
                    // Send notification email
                    var email = new GlideEmailOutbound();
                    email.setSubject('ITIL Access Revocation Notification');
                    email.setTo(userGR.email);
                    email.setBody('Dear ' + userGR.name + ',\n\n' +
                        'We are notifying you that your ITIL access will be revoked and you will be removed from the group: ' + groupName + ', as you have not logged into the system in the last 6 months.\n\n' +
                        'If you believe this is a mistake or have any concerns, please contact the IT support team.\n\n' +
                        'Best regards,\n' +
                        'Your IT Team');
                    email.send();

                    // Remove the user from the group
                    userGroupGR.deleteRecord();
                    gs.info('User ' + userName + ' removed from group ' + groupName + ' and notified via email.');
                } else {
                    gs.info('User ' + userName + ' is not a member of group ' + groupName);
                }
            } else {
                gs.info('Group ' + groupName + ' not found.');
            }
        } else {
            gs.info('User ' + userName + ' has logged in within the last 6 months.');
        }
    } else {
        gs.info('User ' + userName + ' not found.');
    }
})();

Note: Feel free to customize the code, and use this logic where-ever you want.

Thanks,

Hope it helps.

If my solution turns useful, please mark it helpful and accept solution.

Community Alums · ‎07-20-2024

Hi @Sarah Bouil ,

Here is the updated code from the previous query now include

(function() {
    var ITIL_ROLE_ID = '282bf1fac6112285017366cb5f867469'; // ITIL role sys_id

    // Function to find all roles containing the given role
    function getContainingRoles(roleSysId, rolesToRemove) {
        var grRoleContains = new GlideRecord('sys_user_role_contains');
        grRoleContains.addQuery('contains', roleSysId);
        grRoleContains.query();
        while (grRoleContains.next()) {
            var containingRoleId = grRoleContains.role.toString();
            if (!rolesToRemove.includes(containingRoleId)) {
                rolesToRemove.push(containingRoleId);
                getContainingRoles(containingRoleId, rolesToRemove);
            }
        }
    }

    // Array to keep track of roles to be removed
    var rolesToRemove = [ITIL_ROLE_ID];
    getContainingRoles(ITIL_ROLE_ID, rolesToRemove);

    // Query to get all users with specific criteria
    var userGr = new GlideRecord('sys_user');
    userGr.addEncodedQuery('sys_idSTARTSWITHf298d2d2c611227b0106c6be7f154bc8'); // Limit to specific users
    userGr.setLimit(1);
    userGr.query();
    gs.print('User count: ' + userGr.getRowCount());

    while (userGr.next()) {
        gs.print('Processing User: ' + userGr.getDisplayValue('user_name'));

        var groupList = []; // To store groups from which the user will be removed

        // Remove explicit ITIL role assignments
        var userRoleGr = new GlideRecord('sys_user_has_role');
        userRoleGr.addQuery('user', userGr.sys_id);
        userRoleGr.addQuery('role', 'IN', rolesToRemove.join(','));
        userRoleGr.query();
        while (userRoleGr.next()) {
            gs.log('Removing explicit ITIL role for user: ' + userGr.user_name);
            userRoleGr.deleteRecord();
        }

        // Remove user from groups that provide the ITIL role or its containing roles
        var groupMemberGr = new GlideRecord("sys_user_grmember");
        groupMemberGr.addQuery("user", userGr.sys_id);
        groupMemberGr.query();

        while (groupMemberGr.next()) {
            var groupRoleGr = new GlideRecord("sys_group_has_role");
            groupRoleGr.addQuery("group", groupMemberGr.group);
            groupRoleGr.addQuery("role", 'IN', rolesToRemove.join(','));
            groupRoleGr.query();

            if (groupRoleGr.next()) {
                gs.log('User ' + groupMemberGr.getDisplayValue('user') + ' removed from group ' + groupMemberGr.group.name + ' due to License Optimization');
                groupList.push(groupMemberGr.group.name.toString()); // Add group name to the list
                groupMemberGr.deleteRecord();
            }
        }

        // Send email notification if the user was removed from any group
        if (groupList.length > 0) {
            var emailBody = 'Dear ' + userGr.name + ',\n\n' +
                'We are notifying you that your ITIL access will be revoked and you will be removed from the following groups due to inactivity for the last 6 months:\n\n' +
                groupList.join('\n') + '\n\n' +
                'If you believe this is a mistake or have any concerns, please contact the IT support team.\n\n' +
                'Best regards,\n' +
                'Your IT Team';

            gs.email(userGr.email, 'no-reply@yourdomain.com', 'ITIL Access Revocation Notification', emailBody);
            gs.log('Notification email sent to user: ' + userGr.user_name);
        }
    }
})();

This script should help you in getting the above requirement.

If my response has resolved your query, please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!

Thanks & Regards,

Sanjay Kumar

Community Alums · ‎07-22-2024

Hi @Sarah Bouil ,

As this issue is now solved.

Can you please consider giving it a thumbs up ‌‌ and marking it as the correct answer‌‌!

Thanks & Regards,

Sanjay Kumar