Fix script pull

Specialized Areas/Fix scripts/Group Sync Script/README.md

@@ -0,0 +1,28 @@
+ServiceNow Fix Script - Group Role Synchronization
+Overview
+
+This Fix Script automatically validates and synchronizes user roles with their assigned groups in ServiceNow.
+It checks if every user in the target groups has all the roles assigned to that group.
+If any roles are missing, the script re-adds the user to the group, ensuring all inherited roles are correctly applied.
+
+How It Works
+
+Identify Groups
+The script starts by reading the list of sys_ids of the target groups.
+
+Fetch Group Roles
+It retrieves all the roles assigned to each group from the sys_group_has_role table.
+
+Check Each User
+For each user in the group (sys_user_grmember), it fetches their assigned roles from sys_user_has_role.
+
+Detect Missing Roles
+Compares the user’s roles with the group’s roles.
+If any group role is missing for a user:
+
+Removes the user from the group.
+
+Re-adds the user to the group, triggering ServiceNow’s role inheritance process.
+
+Logs
+The script logs all actions using gs.info() for easy monitoring in the system logs.

Specialized Areas/Fix scripts/Group Sync Script/fix_script.js

@@ -0,0 +1,89 @@
+(function executeFixScript() {
+    // List of group sys_ids to process
+    var groupIds = [
+        'a715cd759f2002002920bde8132e7018' // Add more sys_ids if needed
+    ];
+
+    var groupGR = new GlideRecord('sys_user_group');
+    groupGR.addQuery('sys_id', 'IN', groupIds);
+    groupGR.query();
+
+    while (groupGR.next()) {
+        gs.info('Processing Group: ' + groupGR.name);
+
+        // --- Fetch all roles assigned to this group ---
+        var groupRoles = [];
+        var groupRoleGR = new GlideRecord('sys_group_has_role');
+        groupRoleGR.addQuery('group', groupGR.sys_id);
+        groupRoleGR.query();
+
+        while (groupRoleGR.next()) {
+            groupRoles.push(groupRoleGR.role.toString());
+        }
+
+        gs.info('  Group Roles: ' + groupRoles.join(', '));
+
+        // --- Get all users in the group ---
+        var usersInGroup = [];
+        var memberGR = new GlideRecord('sys_user_grmember');
+        memberGR.addQuery('group', groupGR.sys_id);
+        memberGR.query();
+
+        while (memberGR.next()) {
+            var userGR = memberGR.user.getRefRecord();
+            if (userGR.isValidRecord()) {
+                usersInGroup.push({
+                    userRecord: userGR,
+                    memberSysId: memberGR.sys_id
+                });
+            }
+        }
+
+        // --- Validate each user's roles against group roles ---
+        for (var i = 0; i < usersInGroup.length; i++) {
+            var member = usersInGroup[i];
+            var userGR = member.userRecord;
+
+            // Collect all roles assigned to user
+            var userRoles = [];
+            var userRoleGR = new GlideRecord('sys_user_has_role');
+            userRoleGR.addQuery('user', userGR.sys_id);
+            userRoleGR.query();
+
+            while (userRoleGR.next()) {
+                userRoles.push(userRoleGR.role.toString());
+            }
+
+            // Identify missing roles
+            var missingRoles = groupRoles.filter(function(role) {
+                return userRoles.indexOf(role) === -1;
+            });
+
+            if (missingRoles.length > 0) {
+                gs.info('  User ' + userGR.name + ' missing roles: ' + missingRoles.join(', '));
+                gs.info('  Re-adding user to group to refresh roles.');
+
+                // Remove user from the group
+                var deleteGR = new GlideRecord('sys_user_grmember');
+                if (deleteGR.get(member.memberSysId)) {
+                    deleteGR.deleteRecord();
+                }
+
+                // Re-add user to group to trigger role re-evaluation
+                var newMember = new GlideRecord('sys_user_grmember');
+                newMember.initialize();
+                newMember.group = groupGR.sys_id;
+                newMember.user = userGR.sys_id;
+                newMember.insert();
+
+                gs.info('  User ' + userGR.name + ' re-added successfully.');
+            } else {
+                gs.info('  User ' + userGR.name + ' has all required roles.');
+            }
+        }
+
+        gs.info('Completed processing group: ' + groupGR.name);
+    }
+
+    gs.info('Fix Script completed successfully for all specified groups.');
+})();