diff --git a/Specialized Areas/Fix scripts/Group Sync Script/README.md b/Specialized Areas/Fix scripts/Group Sync Script/README.md
new file mode 100644
index 0000000000..778ba77b40
--- /dev/null
+++ b/Specialized Areas/Fix scripts/Group Sync Script/README.md
@@ -0,0 +1,28 @@
+ServiceNow Fix Script - Group Role Synchronization
+Overview
+
+This Fix Script automatically validates and synchronizes user roles with their assigned groups in ServiceNow.
+It checks if every user in the target groups has all the roles assigned to that group.
+If any roles are missing, the script re-adds the user to the group, ensuring all inherited roles are correctly applied.
+
+How It Works
+
+Identify Groups
+The script starts by reading the list of sys_ids of the target groups.
+
+Fetch Group Roles
+It retrieves all the roles assigned to each group from the sys_group_has_role table.
+
+Check Each User
+For each user in the group (sys_user_grmember), it fetches their assigned roles from sys_user_has_role.
+
+Detect Missing Roles
+Compares the user’s roles with the group’s roles.
+If any group role is missing for a user:
+
+Removes the user from the group.
+
+Re-adds the user to the group, triggering ServiceNow’s role inheritance process.
+
+Logs
+The script logs all actions using gs.info() for easy monitoring in the system logs.
diff --git a/Specialized Areas/Fix scripts/Group Sync Script/fix_script.js b/Specialized Areas/Fix scripts/Group Sync Script/fix_script.js
new file mode 100644
index 0000000000..9e229dfa0b
--- /dev/null
+++ b/Specialized Areas/Fix scripts/Group Sync Script/fix_script.js
@@ -0,0 +1,89 @@
+(function executeFixScript() {
+ // List of group sys_ids to process
+ var groupIds = [
+ 'a715cd759f2002002920bde8132e7018' // Add more sys_ids if needed
+ ];
+
+ var groupGR = new GlideRecord('sys_user_group');
+ groupGR.addQuery('sys_id', 'IN', groupIds);
+ groupGR.query();
+
+ while (groupGR.next()) {
+ gs.info('Processing Group: ' + groupGR.name);
+
+ // --- Fetch all roles assigned to this group ---
+ var groupRoles = [];
+ var groupRoleGR = new GlideRecord('sys_group_has_role');
+ groupRoleGR.addQuery('group', groupGR.sys_id);
+ groupRoleGR.query();
+
+ while (groupRoleGR.next()) {
+ groupRoles.push(groupRoleGR.role.toString());
+ }
+
+ gs.info(' Group Roles: ' + groupRoles.join(', '));
+
+ // --- Get all users in the group ---
+ var usersInGroup = [];
+ var memberGR = new GlideRecord('sys_user_grmember');
+ memberGR.addQuery('group', groupGR.sys_id);
+ memberGR.query();
+
+ while (memberGR.next()) {
+ var userGR = memberGR.user.getRefRecord();
+ if (userGR.isValidRecord()) {
+ usersInGroup.push({
+ userRecord: userGR,
+ memberSysId: memberGR.sys_id
+ });
+ }
+ }
+
+ // --- Validate each user's roles against group roles ---
+ for (var i = 0; i < usersInGroup.length; i++) {
+ var member = usersInGroup[i];
+ var userGR = member.userRecord;
+
+ // Collect all roles assigned to user
+ var userRoles = [];
+ var userRoleGR = new GlideRecord('sys_user_has_role');
+ userRoleGR.addQuery('user', userGR.sys_id);
+ userRoleGR.query();
+
+ while (userRoleGR.next()) {
+ userRoles.push(userRoleGR.role.toString());
+ }
+
+ // Identify missing roles
+ var missingRoles = groupRoles.filter(function(role) {
+ return userRoles.indexOf(role) === -1;
+ });
+
+ if (missingRoles.length > 0) {
+ gs.info(' User ' + userGR.name + ' missing roles: ' + missingRoles.join(', '));
+ gs.info(' Re-adding user to group to refresh roles.');
+
+ // Remove user from the group
+ var deleteGR = new GlideRecord('sys_user_grmember');
+ if (deleteGR.get(member.memberSysId)) {
+ deleteGR.deleteRecord();
+ }
+
+ // Re-add user to group to trigger role re-evaluation
+ var newMember = new GlideRecord('sys_user_grmember');
+ newMember.initialize();
+ newMember.group = groupGR.sys_id;
+ newMember.user = userGR.sys_id;
+ newMember.insert();
+
+ gs.info(' User ' + userGR.name + ' re-added successfully.');
+ } else {
+ gs.info(' User ' + userGR.name + ' has all required roles.');
+ }
+ }
+
+ gs.info('Completed processing group: ' + groupGR.name);
+ }
+
+ gs.info('Fix Script completed successfully for all specified groups.');
+})();
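Review bot: `memberSysId: memberGR.sys_id` in the member-collection loop stores a GlideElement rather than a string; GlideRecord field elements follow the record's current row, so once `memberGR.next()` advances, the entries in `usersInGroup` can all resolve to the same membership row, and the later `deleteGR.get(member.memberSysId)` may remove a different user's membership than the one being re-added. Capture the value at push time instead, `memberSysId: memberGR.getUniqueValue()`. Separately, the delete-then-insert step logs "re-added successfully" without checking the result of `newMember.insert()`; if the insert is rejected, the user is left outside the group with the group-inherited roles gone and the log says otherwise. Guard it with `if (!newMember.insert()) { gs.error(' Failed to re-add ' + userGR.name + ' to ' + groupGR.name); }` and emit the success message only when the insert returns a sys_id.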