Skip to content

Role Usage Analyzer #2304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 19, 2025
Merged

Role Usage Analyzer #2304

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f543998
Create README.md
shivamvish160 Oct 19, 2025
072e920
Create code.js
shivamvish160 Oct 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions Server-Side Components/Scheduled Jobs/Role Usage Analyzer/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# Role Usage Analyzer for ServiceNow

## Overview

This script analyzes role assignments in your ServiceNow instance and identifies roles that are assigned to users but appear to be unused. It cross-references user activity logs to determine whether assigned roles are actively used.

## Features

- Scans all roles assigned to users
- Checks user activity via `sys_history_line` to infer role usage
- Flags roles that are assigned but show no signs of usage
- Logs unused roles and the number of users assigned to them

## Usage

1. Navigate to **System Definition > Scheduled Jobs**.
2. Create a new Script Include or Scheduled Job named `Role_Usage_Analyzer`.
3. Paste the contents of `Role_Usage_Analyzer.js` into the script field.
4. Run the script manually or schedule it to run periodically (e.g., weekly or monthly).

## Notes

- This script uses `sys_history_line` to infer user activity. For more accurate results, consider integrating with login logs or audit tables if available.
- You can extend the script to automatically notify administrators or generate reports.
- Roles used only in background scripts or integrations may not show up in history logs — manual review is recommended.

43 changes: 43 additions & 0 deletions Server-Side Components/Scheduled Jobs/Role Usage Analyzer/code.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@

// Role Usage Analyzer Script
// Description: Identifies roles assigned to users that may be unused.

var roleUsageMap = {};
var grUserRole = new GlideRecord('sys_user_has_role');
grUserRole.query();

while (grUserRole.next()) {
var userId = grUserRole.user.toString();
var roleId = grUserRole.role.toString();

if (!roleUsageMap[roleId]) {
roleUsageMap[roleId] = {
users: [],
used: false
};
}

roleUsageMap[roleId].users.push(userId);
}

var grHistory = new GlideRecord('sys_history_line');
grHistory.addQuery('user', 'ISNOTEMPTY');
grHistory.query();

while (grHistory.next()) {
var userId = grHistory.user.toString();
for (var roleId in roleUsageMap) {
if (roleUsageMap[roleId].users.indexOf(userId) !== -1) {
roleUsageMap[roleId].used = true;
}
}
}

for (var roleId in roleUsageMap) {
if (!roleUsageMap[roleId].used) {
var grRole = new GlideRecord('sys_user_role');
if (grRole.get(roleId)) {
gs.info('[Role Usage Analyzer] Unused Role: ' + grRole.name + ' | Assigned to Users: ' + roleUsageMap[roleId].users.length);
}
}
}
Loading