Email notification to user with ITIL group names if user is member of those groups
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2024 03:02 PM
I need to remove ITIL role from user ''Test1'' but the ITIL role is inherited from group 'Welcome1'. In order to remove ITIL role from user I should be remove the group 'Welcome1' from user 'Test1', since ITIL is inherited from group.
so my requirement is:
1. Before I remove ITIL role from user I should be notify the user 'Test1' by sending the email and we will inform user with the message as: we are revoking the ITIL access and the group is: Welcome1, since you didn't logged in the system from last 6 months.
It just need to notify the user Test1 with ITIL group: Welcome? Kindly help me with the steps or code?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2024 03:40 PM
Hi @Sarah Bouil ,
Here are the steps and a script to help you achieve this:
Steps:
- Query the user and their groups: Identify the user Test1 and the group Welcome1.
- Check the user's last login date: Ensure the user has not logged in for the last 6 months.
- Send a notification email: Inform the user that their ITIL access will be revoked and the group Welcome1 will be removed due to inactivity.
- Remove the group: If the user meets the criteria, remove the group Welcome1 from the user Test1.
Script:
Here is a script you can use in ServiceNow to automate this process. You can run this script as a background script or in a Script Include.
(function() {
// Define the user and group
var userName = 'Test1';
var groupName = 'Welcome1';
var roleName = 'itil';
// Fetch the user
var userGR = new GlideRecord('sys_user');
userGR.get('user_name', userName);
if (userGR.isValidRecord()) {
// Check the last login date
var lastLoginDate = new GlideDateTime(userGR.last_login_time);
var sixMonthsAgo = new GlideDateTime();
sixMonthsAgo.addMonthsUTC(-6);
if (lastLoginDate.before(sixMonthsAgo)) {
// Fetch the group
var groupGR = new GlideRecord('sys_user_group');
groupGR.get('name', groupName);
if (groupGR.isValidRecord()) {
// Check if the user is in the group
var userGroupGR = new GlideRecord('sys_user_grmember');
userGroupGR.addQuery('user', userGR.sys_id);
userGroupGR.addQuery('group', groupGR.sys_id);
userGroupGR.query();
if (userGroupGR.next()) {
// Send notification email
var email = new GlideEmailOutbound();
email.setSubject('ITIL Access Revocation Notification');
email.setTo(userGR.email);
email.setBody('Dear ' + userGR.name + ',\n\n' +
'We are notifying you that your ITIL access will be revoked and you will be removed from the group: ' + groupName + ', as you have not logged into the system in the last 6 months.\n\n' +
'If you believe this is a mistake or have any concerns, please contact the IT support team.\n\n' +
'Best regards,\n' +
'Your IT Team');
email.send();
// Remove the user from the group
userGroupGR.deleteRecord();
gs.info('User ' + userName + ' removed from group ' + groupName + ' and notified via email.');
} else {
gs.info('User ' + userName + ' is not a member of group ' + groupName);
}
} else {
gs.info('Group ' + groupName + ' not found.');
}
} else {
gs.info('User ' + userName + ' has logged in within the last 6 months.');
}
} else {
gs.info('User ' + userName + ' not found.');
}
})();
Note: Feel free to customize the code, and use this logic where-ever you want.
Thanks,
Hope it helps.
If my solution turns useful, please mark it helpful and accept solution.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-20-2024 04:33 AM
Hi @Sarah Bouil ,
Here is the updated code from the previous query now include
(function() {
var ITIL_ROLE_ID = '282bf1fac6112285017366cb5f867469'; // ITIL role sys_id
// Function to find all roles containing the given role
function getContainingRoles(roleSysId, rolesToRemove) {
var grRoleContains = new GlideRecord('sys_user_role_contains');
grRoleContains.addQuery('contains', roleSysId);
grRoleContains.query();
while (grRoleContains.next()) {
var containingRoleId = grRoleContains.role.toString();
if (!rolesToRemove.includes(containingRoleId)) {
rolesToRemove.push(containingRoleId);
getContainingRoles(containingRoleId, rolesToRemove);
}
}
}
// Array to keep track of roles to be removed
var rolesToRemove = [ITIL_ROLE_ID];
getContainingRoles(ITIL_ROLE_ID, rolesToRemove);
// Query to get all users with specific criteria
var userGr = new GlideRecord('sys_user');
userGr.addEncodedQuery('sys_idSTARTSWITHf298d2d2c611227b0106c6be7f154bc8'); // Limit to specific users
userGr.setLimit(1);
userGr.query();
gs.print('User count: ' + userGr.getRowCount());
while (userGr.next()) {
gs.print('Processing User: ' + userGr.getDisplayValue('user_name'));
var groupList = []; // To store groups from which the user will be removed
// Remove explicit ITIL role assignments
var userRoleGr = new GlideRecord('sys_user_has_role');
userRoleGr.addQuery('user', userGr.sys_id);
userRoleGr.addQuery('role', 'IN', rolesToRemove.join(','));
userRoleGr.query();
while (userRoleGr.next()) {
gs.log('Removing explicit ITIL role for user: ' + userGr.user_name);
userRoleGr.deleteRecord();
}
// Remove user from groups that provide the ITIL role or its containing roles
var groupMemberGr = new GlideRecord("sys_user_grmember");
groupMemberGr.addQuery("user", userGr.sys_id);
groupMemberGr.query();
while (groupMemberGr.next()) {
var groupRoleGr = new GlideRecord("sys_group_has_role");
groupRoleGr.addQuery("group", groupMemberGr.group);
groupRoleGr.addQuery("role", 'IN', rolesToRemove.join(','));
groupRoleGr.query();
if (groupRoleGr.next()) {
gs.log('User ' + groupMemberGr.getDisplayValue('user') + ' removed from group ' + groupMemberGr.group.name + ' due to License Optimization');
groupList.push(groupMemberGr.group.name.toString()); // Add group name to the list
groupMemberGr.deleteRecord();
}
}
// Send email notification if the user was removed from any group
if (groupList.length > 0) {
var emailBody = 'Dear ' + userGr.name + ',\n\n' +
'We are notifying you that your ITIL access will be revoked and you will be removed from the following groups due to inactivity for the last 6 months:\n\n' +
groupList.join('\n') + '\n\n' +
'If you believe this is a mistake or have any concerns, please contact the IT support team.\n\n' +
'Best regards,\n' +
'Your IT Team';
gs.email(userGr.email, 'no-reply@yourdomain.com', 'ITIL Access Revocation Notification', emailBody);
gs.log('Notification email sent to user: ' + userGr.user_name);
}
}
})();
This script should help you in getting the above requirement.
If my response has resolved your query, please consider giving it a thumbs up and marking it as the correct answer!
Thanks & Regards,
Sanjay Kumar

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-22-2024 07:00 AM
Hi @Sarah Bouil ,
As this issue is now solved.
Can you please consider giving it a thumbs up and marking it as the correct answer!
Thanks & Regards,
Sanjay Kumar