Name

sn_risk_advanced.RiskIdentificationUtilsBase

Description

No description available

Script

var RiskIdentificationUtilsBase = Class.create();
RiskIdentificationUtilsBase.prototype = {
  initialize: function() {},

  moveControlsToAttestation: function(riId, table, recordIds_list) {
      return this._moveControlsToAttestation(riId, table, recordIds_list);
  },

  refreshListActivity: function(rID) {
      var gr = new GlideRecord('sn_risk_advanced_risk_identification');
      gr.get(rID);
      if (gr.state == 'compliance_mapping') {
          gr.sys_mod_count = gr.sys_mod_count + 1;
          gr.setWorkflow(false);
          gr.update();
      } else {
          new sn_grc.GRCUtils().updateEntityModCount(gr.entity);
      }
  },

  createRiForEntity: function(riskIdentificationConfigurationObject, entity_ids) {
      return this._createRiForEntity(riskIdentificationConfigurationObject, entity_ids);
  },

  getEntitiesForRiskIdentificationConfiguration: function(riskIdentificationConfigurationObject) {
      return this._getEntitiesForRiskIdentificationConfiguration(riskIdentificationConfigurationObject);
  },

  reinitiateRiskIdentificationWorkflow: function(riskIdentificationObject) {
      this._reinitiateRiskIdentificationWorkflow(riskIdentificationObject);
  },

  showReinitaieWorkflowButton: function(riskIdentificationObject) {
      return this._showReinitaieWorkflowButton(riskIdentificationObject);
  },

  showRetireButton: function(riskIdentificationObject) {
      return this._showRetireButton(riskIdentificationObject);
  },

  reinitiateRiskIdentification: function() {
      this._reinitiateRiskIdentification();
  },

  reinitiateRiskIdentificationAction: function(sourceTable, sourceId, entityId, isEntity) {
      return this._reinitiateRiskIdentificationAction(sourceTable, sourceId, entityId, isEntity);
  },

  removeAssociationToRiskIdentification: function(riId, table, recordIds_list) {
      return this._removeAssociationToRiskIdentification(riId, table, recordIds_list);
  },

  associateRecordToRiskIdentification: function(riId, table, column, recordId) {
      return this._associateRecordToRiskIdentification(riId, table, column, recordId);
  },

  filterRiskStatementsByInformationObjects: function(riskIdentificationObject) {
      return this._filterRiskStatementsByInformationObjects(riskIdentificationObject);
  },

  filterCitationsByInformationObjects: function(riskIdentificationObject) {
      return this._filterCitationsByInformationObjects(riskIdentificationObject);
  },

  filterPoliciesByInformationObjects: function(riskIdentificationObject) {
      return this._filterPoliciesByInformationObjects(riskIdentificationObject);
  },

  filterControlObjectivesByInformationObjects: function(riskIdentificationObject) {
      return this._filterControlObjectivesByInformationObjects(riskIdentificationObject);
  },

  rejectQuestionnaire: function(asmt, noMessage) {
      return this._rejectQuestionnaire(asmt, noMessage);
  },

  canAttest: function(ri) {
      return this._canAttest(ri);
  },

  hasControlsToAttest: function(entityID) {
      return this._hasControlsToAttest(entityID);
  },

  _canAttest: function(ri) {
      return ri.state == 'control_mapping' && this._canAccessButtonsAsComplianceManager(ri) && this._hasControlsToAttest(ri.entity);
  },

  _hasControlsToAttest: function(entityID) {
      var gr = new GlideRecord('sn_compliance_control');
      gr.addQuery('profile', entityID);
      gr.addQuery('state', 'IN', 'draft,monitor');
      gr.setLimit(1);
      gr.query();
      return gr.hasNext();
  },

  _rejectQuestionnaire: function(asmt, noMessage) {
      asmt.state = 'wip';
      asmt.update();
      //Change state of Risk Identification to Information Gathering
      var currentAsmtQues = new GlideRecord('asmt_assessment_instance_question');
      currentAsmtQues.addQuery('instance', asmt.getUniqueValue());
      currentAsmtQues.query();
      while (currentAsmtQues.next()) {
          if (currentAsmtQues.metric.datatype == "attachment") {
              var metricResult = new GlideRecord('asmt_metric_result');
              metricResult.addQuery('instance', asmt.getUniqueValue());
              metricResult.addQuery('metric', currentAsmtQues.metric);
              metricResult.query();
              if (metricResult.next()) {
                  var copyAtt = new GlideSysAttachment();
                  copyAtt.copy('asmt_metric_result', metricResult.getUniqueValue(), 'asmt_assessment_instance_question', currentAsmtQues.getUniqueValue());
              }
          }
      }
      var ri = new GlideRecord('sn_risk_advanced_risk_identification');
      ri.get(asmt.risk_identification);
      ri.state = "information_gathering";
      ri.update();
      if (!noMessage)
          gs.addInfoMessage(gs.getMessage("The previous responses are defaulted and the questionnaire has been sent back to the respondent successfully."));
      gs.eventQueue("sn_risk_advanced.assessment_rejected", asmt, ri.comments.getJournalEntry(1).split("(Additional comments)")[1]);
  },

  filterTableRecords: function(riskIdentificationObject, table, column, riskIdentificationTable) {
      var records = [];
      var infoObjectsArray = [];
      var rel_attributes = [];
      var rel = new GlideRecord('cmdb_rel_attributes');
      rel.addQuery('relation.parent', riskIdentificationObject.entity.applies_to);
      rel.addQuery('relation.child.sys_class_name', 'cmdb_ci_information_object');
      rel.addQuery('qualifier_type', 'cmdb_ci_qualifier_crud');
      rel.query();

      while (rel.next()) {
          infoObjectsArray.push(rel.relation.child);
          if (rel.qualifier_properties != "") {
              rel_attributes.push(rel.qualifier_properties + '');
          } else {
              rel_attributes.push("");
          }
      }

      if (infoObjectsArray.length != 0) {
          for (var i = 0; i < infoObjectsArray.length; i = i + 1) {
              var tableToIo = new GlideRecord(table);
              if (riskIdentificationTable == "sn_risk_risk") {
                  tableToIo.addQuery('sn_grc_content.sys_class_name', 'sn_risk_definition');
              }
              if (riskIdentificationTable == "sn_risk_advanced_m2m_content_risk_identification") {
                  tableToIo.addQuery('sn_grc_content.sys_class_name', 'sn_compliance_citation');
              }
              tableToIo.addQuery('information_object', 'IN', infoObjectsArray[i]);
              var no_of_attributes = 0;
              if (rel_attributes[i] != '')
                  no_of_attributes = rel_attributes[i].split(',').length;

              if (no_of_attributes > 0) {
                  var attributes_list = rel_attributes[i].split(',');
                  var tableToIo_condition = tableToIo.addQuery('applicable_for', 'CONTAINS', attributes_list[0]);
                  for (var j = 1; j < no_of_attributes; j = j + 1) {
                      tableToIo_condition.addOrCondition('applicable_for', 'CONTAINS', attributes_list[j]);
                  }
              }
              tableToIo.query();
              while (tableToIo.next()) {
                  var riTable = new GlideRecord(riskIdentificationTable);
                  if (riskIdentificationTable == "sn_risk_risk") {
                      var entity = riskIdentificationObject.entity;
                      riTable.addQuery('profile', '=', entity);
                      riTable.addQuery('statement', tableToIo[column] + '');
                  } else {
                      riTable.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
                      riTable.addQuery(column, tableToIo[column] + '');
                  }
                  riTable.query();
                  if (!riTable.next())
                      records.push(tableToIo[column] + '');
              }
          }
      }
      return records;
  },

  getRespondent: function(riskIdentificationObject) {
      return this._getRespondent(riskIdentificationObject);
  },

  sendAssessment: function(riskIdentificationObject, respondent) {
      this._sendAssessment(riskIdentificationObject, respondent);
  },

  filterEntities: function() {
      return this._filterEntities();
  },

  getConfiguration: function(entity) {
      return this._getConfiguration(entity);
  },

  showPerformInherentAsmtButton: function(riskIdentificationObject) {
      return this._showPerformInherentAsmtButton(riskIdentificationObject);
  },

  showAssociateRisksButton: function(riskIdentificationObject) {
      return this._showAssociateRisksButton(riskIdentificationObject);
  },

  showMonitorButton: function(riskIdentificationObject) {
      return this._showMonitorButton(riskIdentificationObject);
  },

  showRecommendedRiskStatementButton: function(riskIdentificationObject) {
      return this._showRecommendedRiskStatementButton(riskIdentificationObject);
  },

  showAssociateControlsButton: function(riskIdentificationObject) {
      return this._showAssociateControlsButton(riskIdentificationObject);
  },

  showAssociateCitationsAndPoliciesButton: function(riskIdentificationObject) {
      return this._showAssociateCitationsAndPoliciesButton(riskIdentificationObject);
  },

  showRecommendedCitationsButton: function(riskIdentificationObject) {
      return this._showRecommendedCitationsButton(riskIdentificationObject);
  },

  showRecommendedControlsButton: function(riskIdentificationObject) {
      return this._showRecommendedControlsButton(riskIdentificationObject);
  },

  showRecommendedPoliciesButton: function(riskIdentificationObject) {
      return this._showRecommendedPoliciesButton(riskIdentificationObject);
  },

  showRequestReassessmentButton: function(riskIdentificationObject) {
      return this._showRequestReassessmentButton(riskIdentificationObject);
  },

  showInitiateQuestionnaireButton: function(riskIdentificationObject) {
      return this._showInitiateQuestionnaireButton(riskIdentificationObject);
  },

  getValidRiskManagers: function(riskIdentificationObject) {
      return this._getValidRiskManagers(riskIdentificationObject);
  },

  canAccessButtons: function(riskIdentificationObject) {
      return this._canAccessButtons(riskIdentificationObject);
  },

  sendInherentAssessment: function(riskIdentificationObject) {
      return this._sendInherentAssessment(riskIdentificationObject);
  },

  canChangeConfigurationState: function(riskIdentificationConfiguration) {
      return this._canChangeConfigurationState(riskIdentificationConfiguration);
  },

  canAccessButtonsAsComplianceManager: function(riskIdentificationObject) {
      return this._canAccessButtonsAsComplianceManager(riskIdentificationObject);
  },

  canAccessComplianceAddFromLibraryButtons: function(riskIdentificationObject) {
      return this._canAccessComplianceAddFromLibraryButtons(riskIdentificationObject);
  },

  _canAccessComplianceAddFromLibraryButtons: function(riskIdentificationObject) {
      return riskIdentificationObject.getTableName() == 'sn_risk_advanced_risk_identification' && riskIdentificationObject.getValue("state") == 'compliance_mapping' && this._canAccessButtonsAsComplianceManager(riskIdentificationObject);
  },

  getAllControlListFromEntity: function(entity) {
      return this._getAllControlListFromEntity(entity);
  },

  _getAllControlListFromEntity: function(entity) {
      var commonControlIdList = [];
      var commonControlId = new GlideRecord("sn_compliance_m2m_control_entity");
      commonControlId.addActiveQuery();
      commonControlId.addQuery("entity", entity);
      commonControlId.query();

      while (commonControlId.next()) {
          commonControlIdList.push(commonControlId.getValue("control"));
      }

      return commonControlIdList;
  },

  getUnassignedRisksFromLibrary: function(riskIdentificationObject) {
      var riskStatements = [];
      var entity_id = riskIdentificationObject.entity;
      var risks = new GlideRecord('sn_risk_risk');
      risks.addQuery('profile', '=', entity_id);
      risks.addQuery('instance', true);
      risks.query();
      while (risks.next()) {
          riskStatements.push(risks.statement + '');
      }
      return riskStatements.join(',');
  },

  getUnassignedCitationsFromLibrary: function(riskIdentificationObject) {
      var addedCitations = [];
      var ciToRi = new GlideRecord('sn_risk_advanced_m2m_content_risk_identification');
      ciToRi.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
      ciToRi.addQuery('sn_grc_content.sys_class_name', "sn_compliance_citation");
      ciToRi.query();
      while (ciToRi.next()) {
          addedCitations.push(ciToRi.sn_grc_content + '');
      }
      return addedCitations.join(',');
  },

  getUnassignedPoliciesFromLibrary: function(riskIdentificationObject) {
      var addedPolicies = [];
      var poToRi = new GlideRecord('sn_risk_advanced_m2m_document_risk_identification');
      poToRi.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
      poToRi.addQuery('sn_grc_document.sys_class_name', "sn_compliance_policy");
      poToRi.query();
      while (poToRi.next()) {
          addedPolicies.push(poToRi.sn_grc_document + '');
      }
      return addedPolicies.join(',');
  },

  getUnassignedControlObjectivesFromLibrary: function(riskIdentificationObject) {
      var addedCo = [];
      var ri = riskIdentificationObject;

      var coToProfile = new GlideRecord('sn_compliance_control');
      coToProfile.addQuery('profile', ri.entity + '');
      coToProfile.addQuery('instance', true);
      coToProfile.query();
      while (coToProfile.next()) {
          addedCo.push(coToProfile.content + '');
      }
      return addedCo.join(',');
  },

  _reinitiateRiskIdentificationAction: function(sourceTable, sourceId, entityId, isEntity) {
      var riskIdentificationObject = new GlideRecord('sn_risk_advanced_risk_identification');
      if (isEntity) {
          riskIdentificationObject.addQuery('entity', entityId);
      } else {
          riskIdentificationObject.addQuery('entitiy.applies_to', sourceId);
          riskIdentificationObject.addQuery('entity.table', 'sourceTable');
      }
      riskIdentificationObject.query();
      if (riskIdentificationObject.next()) {
          if (riskIdentificationObject.state == "monitor") {
              riskIdentificationObject.setValue('entity', entityId);
              riskIdentificationObject.setValue('state', 'new');
              riskIdentificationObject.setValue('next_initiation_date', '');
              riskIdentificationObject.update();
              gs.info("SUCCESS: Successfully reinitiated risk identification.");
              return "Successfully reinitiated risk identification.";
          } else {
              gs.info("FAILED: Risk Identification record should be in monitor state before reinitating.");
              return "Risk Identification record should be in monitor state before reinitating.";
          }
      } else {
          gs.info("FAILED: No risk identification record found with the current entity");
          return "No risk identification record found with the current entity.";
      }

  },

  _associateRecordToRiskIdentification: function(riId, table, column, recordId) {
      var recordToRiskIdentification = new GlideRecord(table);
      recordToRiskIdentification.addQuery(column, recordId);
      recordToRiskIdentification.addQuery('risk_identification', riId);
      recordToRiskIdentification.query();
      if (!recordToRiskIdentification.hasNext()) {
          recordToRiskIdentification.initialize();
          recordToRiskIdentification.setValue(column, recordId);
          recordToRiskIdentification.setValue('risk_identification', riId);
          var result = recordToRiskIdentification.insert();
          if (result != "") {
              return "success";
          }
      }
  },

  _canChangeConfigurationState: function(riskIdentificationConfiguration) {
      var ri = new GlideRecord('sn_risk_advanced_risk_identification');
      ri.addQuery('risk_identification_configuration', riskIdentificationConfiguration.getUniqueValue());
      ri.addQuery('state', '!=', 'retired');
      ri.setLimit(1);
      ri.query();
      if (ri.hasNext()) {
          return false;
      } else {
          return true;
      }
  },

  _canAccessButtons: function(riskIdentificationObject) {
      if (riskIdentificationObject.risk_manager != '')
          return gs.getUserID() == riskIdentificationObject.risk_manager + '';
      else
          return gs.getUser().isMemberOf(riskIdentificationObject.risk_identification_configuration.risk_manager_group + '');
  },

  _canAccessButtonsAsComplianceManager: function(riskIdentificationObject) {
      return this._canAccessButtons(riskIdentificationObject) && gs.hasRole('sn_compliance.manager');
  },

  _getValidRiskManagers: function(riskIdentificationObject) {
      var members = new GlideRecord("sys_user_grmember");
      members.addQuery("group", riskIdentificationObject.risk_identification_configuration.risk_manager_group + '');
      members.query();
      var list = [];
      while (members.next()) {
          list.push(members.user + '');
      }
      return "sys_idIN" + list.join(",") + "^active=true";
  },

  _showRequestReassessmentButton: function(riskIdentificationObject) {
      return riskIdentificationObject.state == 'review' && this._canAccessButtons(riskIdentificationObject);
  },

  _showInitiateQuestionnaireButton: function(riskIdentificationObject) {
      return riskIdentificationObject.state == 'new' && riskIdentificationObject.risk_identification_configuration.initiate_questionnaire && this._canAccessButtons(riskIdentificationObject);
  },

  _showPerformInherentAsmtButton: function(riskIdentificationObject) {
      return riskIdentificationObject.entity.applies_to && riskIdentificationObject.risk_identification_configuration.inherent_assessment && ((riskIdentificationObject.state == 'new' && !riskIdentificationObject.risk_identification_configuration.initiate_questionnaire) || (riskIdentificationObject.state == 'review') || (this._isQuestionnaireCompleted(riskIdentificationObject) && riskIdentificationObject.state == 'information_gathering')) && this._canAccessButtons(riskIdentificationObject);
  },

  _isQuestionnaireCompleted: function(riskIdentificationObject) {
      var asmt = new GlideRecord("asmt_assessment_instance");
      asmt.addQuery("risk_identification", riskIdentificationObject.getUniqueValue());
      asmt.orderByDesc("sys_created_on");
      asmt.setLimit(1);
      asmt.query();
      if (asmt.next()) {
          return asmt.getValue("state") == "complete";
      }
      return false;
  },

  _showAssociateRisksButton: function(riskIdentificationObject) {
      return ((riskIdentificationObject.state == 'new' && (!riskIdentificationObject.risk_identification_configuration.initiate_questionnaire && (!riskIdentificationObject.risk_identification_configuration.inherent_assessment || !riskIdentificationObject.entity.applies_to))) || (riskIdentificationObject.state == "review" && (!riskIdentificationObject.risk_identification_configuration.inherent_assessment || !riskIdentificationObject.entity.applies_to)) || (riskIdentificationObject.state == "compliance_mapping") || (riskIdentificationObject.state == "control_mapping" && !riskIdentificationObject.creating_controls)) && this._canAccessButtons(riskIdentificationObject);
  },

  _showRecommendedRiskStatementButton: function(riskIdentificationObject) {
      return (riskIdentificationObject.state == "risk_mapping" && riskIdentificationObject.risk_identification_configuration.enable_recommendation_engine && this._canAccessButtons(riskIdentificationObject));
  },

  _showAssociateCitationsAndPoliciesButton: function(riskIdentificationObject) {
      return ((riskIdentificationObject.state == "risk_mapping" || (riskIdentificationObject.state == "control_mapping" && !riskIdentificationObject.creating_controls)) && this._canAccessButtons(riskIdentificationObject));
  },

  _showAssociateControlsButton: function(riskIdentificationObject) {
      return riskIdentificationObject.state == "compliance_mapping" && this._canAccessButtonsAsComplianceManager(riskIdentificationObject);
  },

  _showRecommendedCitationsButton: function(riskIdentificationObject) {
      return (riskIdentificationObject.state == "compliance_mapping" && riskIdentificationObject.risk_identification_configuration.enable_recommendation_engine && this._canAccessButtonsAsComplianceManager(riskIdentificationObject));
  },

  _showRecommendedPoliciesButton: function(riskIdentificationObject) {
      return (riskIdentificationObject.state == "compliance_mapping" && riskIdentificationObject.risk_identification_configuration.enable_recommendation_engine && this._canAccessButtonsAsComplianceManager(riskIdentificationObject));
  },

  _showMonitorButton: function(riskIdentificationObject) {
      var isComplianceInstalled = GlidePluginManager.isActive('com.sn_compliance') || GlidePluginManager.isActive('sn_compliance');
      if (isComplianceInstalled) {
          return riskIdentificationObject.state == "control_mapping" && !riskIdentificationObject.creating_controls && this._canAccessButtons(riskIdentificationObject);
      } else {
          return riskIdentificationObject.state == "risk_mapping" && this._canAccessButtons(riskIdentificationObject);
      }

  },

  _getConfiguration: function(entity) {
      var config = '';
      var rec = new GlideRecord('sn_risk_advanced_risk_identification_configuration');
      rec.addNotNullQuery('table');
      rec.addQuery('table', entity.table);
      rec.addQuery('state', '2');
      rec.query();
      //if Published Configuration with Entity's table exists
      if (rec.next()) {
          config = rec.getUniqueValue();

      } //if Published Configuration with Entity's entity class exists
      else if (entity.profile_class != '') {
          rec = new GlideRecord('sn_risk_advanced_risk_identification_configuration');
          rec.addNotNullQuery('target_entity_class');
          rec.addNullQuery('table');
          rec.addQuery('target_entity_class', entity.profile_class);
          rec.addQuery('state', '2');
          rec.query();
          if (rec.next())
              config = rec.getUniqueValue();
      }
      return config;
  },

  _filterEntities: function() {
      var query = '';
      //Get all entities whose entity class has a published configuration
      var configs = new GlideRecord("sn_risk_advanced_risk_identification_configuration");
      configs.addQuery("state", "2");
      configs.addNotNullQuery("target_entity_class");
      configs.addNullQuery("table");
      configs.query();
      while (configs.next()) {
          if (query == '') {
              query += "profile_classIN";
          }
          query += configs.target_entity_class + ',';
      }
      if (query[query.length - 1] == ',')
          query = query.substring(0, query.length - 1);
      //Get all entities whose table has a published configuration
      configs.initialize();
      configs.addQuery("state", "2");
      configs.addNotNullQuery("table");
      configs.query();
      if (configs.hasNext()) {
          if (query == '')
              query += "tableIN";
          else
              query += "^ORtableIN";
      }
      while (configs.next()) {
          query += configs.table + ',';
      }
      if (query[query.length - 1] == ',')
          query = query.substring(0, query.length - 1);
      if (query != '') {
          query += '^active=true';
          //Get all entities which already has Risk identification record
          query += '^sys_idNOT IN';
          var ident = new GlideRecord("sn_risk_advanced_risk_identification");
          ident.query();
          while (ident.next()) {
              query += ident.entity + ',';
          }
          if (query[query.length - 1] == ',')
              query = query.substring(0, query.length - 1);
      } else
          query = 'sys_id=';

      return query;
  },

  _getRespondent: function(riskIdentificationObject) {
      var respondantID = '';
      if (riskIdentificationObject.risk_identification_configuration.respondent_type == "0") {
          if (riskIdentificationObject.entity.owned_by != "") {
              respondantID = riskIdentificationObject.entity.owned_by + '';
          }
      } else {
          var table = new GlideRecord(riskIdentificationObject.entity.table);
          table.get(riskIdentificationObject.entity.applies_to);
          var element = table.getElement(riskIdentificationObject.risk_identification_configuration.respondant_field);
          if (element.getED().getInternalType() == 'reference' && element.getReferenceTable() == 'sys_user' && table.getValue(riskIdentificationObject.risk_identification_configuration.respondant_field))
              respondantID = table.getValue(riskIdentificationObject.risk_identification_configuration.respondant_field);
      }
      if (respondantID != '') {
          var hasRole = new GlideRecord("sys_user_has_role");
          hasRole.addEncodedQuery('user=' + respondantID + '^role.name=sn_grc.business_user^ORrole.name=sn_grc.business_user_lite');
          hasRole.query();
          if (hasRole.hasNext())
              return respondantID;
          else
              return false;
      }
      return false;

  },

  _sendAssessment: function(riskIdentificationObject, respondent) {
      var metricType = riskIdentificationObject.risk_identification_configuration.questionnaire;
      var entity = riskIdentificationObject.entity;
      var entityGr = new GlideRecord('sn_grc_profile');
      entityGr.get(entity);
      // Check if assessable record exists and Create new assessment instance
      new global.AssessmentUtils().checkRecord(entityGr, metricType + '');
      var output = new global.AssessmentUtils().createAssessments(metricType, entity, respondent);
      // Verifying Instance gets created
      if (output) {
          var asmt = new GlideRecord("asmt_assessment_instance");
          var instanceId = asmt.get(output.substring(0, 32));
          if (instanceId) {
              var name = riskIdentificationObject.entity.name + '';
              if (riskIdentificationObject.entity.profile_class)
                  name = riskIdentificationObject.entity.profile_class.name + ' - ' + riskIdentificationObject.entity.name;
              var escapeElement = GlideStringUtil.escapeHTML(riskIdentificationObject.risk_identification_configuration.questionnaire.name);
              gs.addInfoMessage(gs.getMessage("The questionnaire {0} to collect details about {1} has been successfully sent to the respondent.", [escapeElement, name]));
              // Risk Identification -> asmt_instance
              asmt.risk_identification = riskIdentificationObject.getUniqueValue();
              asmt.update();
              //Update state to information_gathering if new assessment is succesfully created
              riskIdentificationObject.state = "information_gathering";
              riskIdentificationObject.update();

              //copy previous responses if any
              if (riskIdentificationObject.risk_identification_configuration.copy_previous_questionnaire_response) {
                  var prevAsmt = new GlideRecord('asmt_assessment_instance');
                  prevAsmt.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
                  prevAsmt.addQuery('state', 'complete');
                  prevAsmt.orderByDesc("sys_created_on");
                  prevAsmt.setLimit(1);
                  prevAsmt.query();
                  if (prevAsmt.next()) {
                      //Get all metric responses of previous questionnaire
                      var prevAsmtQues = new GlideRecord('asmt_assessment_instance_question');
                      prevAsmtQues.addQuery('instance', prevAsmt.getUniqueValue());
                      prevAsmtQues.query();
                      while (prevAsmtQues.next()) {
                          //Get current assessment's reponse of previous metric
                          var que = new GlideRecord('asmt_assessment_instance_question');
                          que.addQuery('instance', asmt.getUniqueValue());
                          que.addQuery('metric', prevAsmtQues.metric);
                          que.query();
                          // For multi selection question, asmt_assessment_instance_question records will be as many as choices selected. By default when new assesssment is created, only 1 record of  asmt_assessment_instance_question is created. If previous response had say 2 choices selected, we need to create 1 record manually  
                          var doesQueExists = que.hasNext();
                          if (que.next() && que.value == '' && que.string_value == '') {
                              if (que.metric.datatype == "attachment") {
                                  //asmt instance question is attachment 
                                  var metricResult = new GlideRecord('asmt_metric_result');
                                  metricResult.addQuery('instance', prevAsmt.getUniqueValue());
                                  metricResult.addQuery('metric', que.metric);
                                  metricResult.query();
                                  if (metricResult.next()) {
                                      var copyAtt = new GlideSysAttachment();
                                      copyAtt.copy('asmt_metric_result', metricResult.getUniqueValue(), 'asmt_assessment_instance_question', que.getUniqueValue());
                                  }
                              } else {
                                  que.value = prevAsmtQues.value;
                                  que.string_value = prevAsmtQues.string_value;
                                  que.update();
                              }
                          } else if (doesQueExists && (que.value != '' || que.string_value != '')) {
                              que.value = prevAsmtQues.value;
                              que.string_value = prevAsmtQues.string_value;
                              que.insert();
                          }
                      }
                  }
              }

          }
      }
  },

  _filterControlObjectivesByInformationObjects: function(riskIdentificationObject) {
      var controlObjectives = [];
      var co = '';
      var ctTori = new GlideRecord('sn_risk_advanced_m2m_content_risk_identification');
      ctTori.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
      ctTori.query();
      var ctToco = new GlideRecord('sn_compliance_m2m_statement_citation');
      while (ctTori.next()) {
          ctToco.initialize();
          ctToco.addQuery('sn_compliance_citation', ctTori.sn_grc_content);
          ctToco.query();
          while (ctToco.next()) {
              co = this._checkIfControlObjectiveExists(riskIdentificationObject, ctToco.sn_compliance_policy_statement + '');
              if (co != '') {
                  controlObjectives.push(co);
              }
          }
      }
      var pTori = new GlideRecord('sn_risk_advanced_m2m_document_risk_identification');
      pTori.addQuery('risk_identification', riskIdentificationObject.getUniqueValue());
      pTori.query();
      var pToco = new GlideRecord('sn_compliance_m2m_policy_policy_statement');
      while (pTori.next()) {
          pToco.initialize();
          pToco.addQuery('document', pTori.sn_grc_document);
          pToco.addQuery('content', 'NOT IN', controlObjectives);
          pToco.query();
          while (pToco.next()) {
              co = this._checkIfControlObjectiveExists(riskIdentificationObject, pToco.content + '');
              if (co != '') {
                  controlObjectives.push(co);
              }
          }
      }
      var rsToRi = new GlideRecord('sn_risk_risk');
      rsToRi.addQuery('active', true);
      rsToRi.addQuery('profile', riskIdentificationObject.entity);
      rsToRi.query();
      var rsToco = new GlideRecord('sn_risk_m2m_risk_definition_policy_statement');
      while (rsToRi.next()) {
          rsToco.initialize();
          rsToco.addQuery('sn_risk_definition', rsToRi.statement);
          rsToco.addQuery('sn_compliance_policy_statement', 'NOT IN', controlObjectives);
          rsToco.query();
          while (rsToco.next()) {
              co = this._checkIfControlObjectiveExists(riskIdentificationObject, rsToco.sn_compliance_policy_statement + '');
              if (co != '') {
                  controlObjectives.push(co);
              }
          }
      }
      return controlObjectives;
  },

  _checkIfControlObjectiveExists: function(riskIdentificationObject, content) {
      var co = new GlideRecord('sn_compliance_policy_statement');
      co.get(content);
      if (!co.active)
          return '';
      var riTable = new GlideRecord('sn_compliance_control');
      riTable.addQuery('profile', riskIdentificationObject.entity);
      riTable.addQuery('content', content);
      riTable.query();
      if (!riTable.next()) {
          return content;
      }
      return '';
  },

  _filterRiskStatementsByInformationObjects: function(riskIdentificationObject) {
      return this.filterTableRecords(riskIdentificationObject, 'sn_grc_m2m_content_information_object', 'sn_grc_content', 'sn_risk_risk');
  },

  _filterPoliciesByInformationObjects: function(riskIdentificationObject) {
      return this.filterTableRecords(riskIdentificationObject, 'sn_grc_m2m_document_information_object', 'sn_grc_document', 'sn_risk_advanced_m2m_document_risk_identification');
  },

  _filterCitationsByInformationObjects: function(riskIdentificationObject) {
      return this.filterTableRecords(riskIdentificationObject, 'sn_grc_m2m_content_information_object', 'sn_grc_content', 'sn_risk_advanced_m2m_content_risk_identification');
  },

  _sendInherentAssessment: function(riskIdentificationObject) {
      var result = {};
      var isAssessorUser = false,
          isApproverUser = false,
          assessorID = '',
          approverID = '';
      var sourceRecord = new GlideRecord(riskIdentificationObject.entity.table);
      sourceRecord.get(riskIdentificationObject.entity.applies_to);

      var utils = new sn_risk_advanced.RiskAssessmentUtils();

      //Assessor
      if (riskIdentificationObject.risk_manager) {
          isAssessorUser = true;
          assessorID = riskIdentificationObject.risk_manager;
      } else {
          assessorID = riskIdentificationObject.risk_identification_configuration.risk_manager_group;
      }
      //Approver
      if (riskIdentificationObject.risk_identification_configuration.review_inherent_assessment) {
          if (riskIdentificationObject.risk_identification_configuration.approver_type == '2') {
              approverID = riskIdentificationObject.risk_identification_configuration.approver_group;
          } else {
              if (!sourceRecord.getValue(riskIdentificationObject.risk_identification_configuration.approver)) {
                  var msg = gs.getMessage("The inherent assessment could not be initiated as the approver is not available. Please contact your administrator to review the risk identification configuration and then try to initiate the assessment again.");
                  result.status = 0;
                  result.errorMsg = msg;
                  gs.addErrorMessage(msg);
                  return result;
              } else if (!utils.checkApproverRolePresent(sourceRecord.getElement(riskIdentificationObject.risk_identification_configuration.approver).getRefRecord())) {
                  var msg = gs.getMessage("The inherent assessment could not be initiated as the approver doesn't have sn_risk_advanced.ara_approver role. Please contact your administrator and then try to initiate the assessment again.");
                  result.status = 0;
                  result.errorMsg = msg;
                  gs.addErrorMessage(msg);
                  return result;
              } else {
                  isApproverUser = true;
                  approverID = sourceRecord.getValue(riskIdentificationObject.risk_identification_configuration.approver);
              }
          }
      }
      result = utils.createRiskAssessment(sourceRecord, assessorID, approverID, isAssessorUser, isApproverUser);
      if (result.status == 0) {
          gs.addErrorMessage(result.errorMsg);
      } else {
          gs.addInfoMessage(result.msg);
          riskIdentificationObject.state = "inherent_assessment";
          riskIdentificationObject.update();
      }
      return result;
  },

  _removeAssociationToRiskIdentification: function(riId, table, recordIds_list) {
      var confirmed_deletion = 0;
      var table_name = table;
      if (table_name == "sn_compliance_citation") {
          var contentM2mRi = new GlideRecord('sn_risk_advanced_m2m_content_risk_identification');
          contentM2mRi.addQuery('risk_identification', riId);
          contentM2mRi.addEncodedQuery('sn_grc_contentIN' + recordIds_list);
          contentM2mRi.query();
          while (contentM2mRi.next()) {
              if (contentM2mRi.deleteRecord()) {
                  confirmed_deletion = confirmed_deletion + 1;
              }
          }
          return confirmed_deletion + '';

      } else if (table_name == "sn_compliance_policy") {
          var documentM2mRi = new GlideRecord('sn_risk_advanced_m2m_document_risk_identification');
          documentM2mRi.addQuery('risk_identification', riId);
          documentM2mRi.addEncodedQuery('sn_grc_documentIN' + recordIds_list);
          documentM2mRi.query();
          while (documentM2mRi.next()) {
              if (documentM2mRi.deleteRecord()) {
                  confirmed_deletion = confirmed_deletion + 1;
              }
          }
          return confirmed_deletion + '';
      }
      return 0;
  },

  _reinitiateRiskIdentification: function() {

      //Set Risk Identification state as new
      var today = new GlideDate();
      var ri = new GlideRecord('sn_risk_advanced_risk_identification');
      ri.addQuery('state', 'monitor');
      ri.addQuery('next_initiation_date', '!=', "");
      ri.addQuery('next_initiation_date', '<=', today.getValue());
      ri.query();
      while (ri.next()) {
          ri.setValue('state', 'new');
          ri.setValue("next_initiation_date", "");
          ri.update();
      }

  },

  _reinitiateRiskIdentificationWorkflow: function(riskIdentificationObject) {
      riskIdentificationObject.state = "new";
      riskIdentificationObject.next_initiation_date = "";
      riskIdentificationObject.update();
  },

  _showReinitaieWorkflowButton: function(riskIdentificationObject) {
      return this._canAccessButtons(riskIdentificationObject) && riskIdentificationObject.entity.active && (riskIdentificationObject.state == "monitor" || riskIdentificationObject.state == "retired");
  },

  _showRetireButton: function(riskIdentificationObject) {
      return riskIdentificationObject.state != "retired" && !riskIdentificationObject.creating_controls && this._canAccessButtons(riskIdentificationObject);
  },

  _moveControlsToAttestation: function(riId, table, recordIds_list) {
      var result = 0;
      if (table == "sn_compliance_control") {
          var control = new GlideRecord('sn_compliance_control');
          var riskIdentificationObject = new GlideRecord('sn_risk_advanced_risk_identification');
          riskIdentificationObject.get(riId);
          control.addQuery('profile', riskIdentificationObject.entity);
          control.addEncodedQuery('sys_idIN' + recordIds_list);
          control.addQuery('state', 'draft');
          control.query();
          while (control.next()) {
              control.setValue("state", "attest");
              var response = control.update();
              if (response != "") {
                  result = result + 1;
              }
          }
      }
      return result + '';
  },

  _getEntitiesForRiskIdentificationConfiguration: function(riskIdentificationConfigurationObject) {
      var records = [];
      var entitiesWithRI = [];

      var entity = new GlideRecord('sn_grc_profile');
      entity.addQuery('active', true);
      var config_level = riskIdentificationConfigurationObject.configuration_level;
      //Configuration level is Entity class
      var ri = new GlideRecord('sn_risk_advanced_risk_identification');
      ri.addQuery('risk_identification_configuration', riskIdentificationConfigurationObject.getUniqueValue());

      if (config_level == 1) {
          entity.addQuery('profile_class', riskIdentificationConfigurationObject.target_entity_class);
          ri.addQuery('entity.profile_class', riskIdentificationConfigurationObject.target_entity_class);
      }
      //Configuration level is Table
      else if (config_level == 2) {
          entity.addQuery('table', riskIdentificationConfigurationObject.table);
          ri.addQuery('entity.table', riskIdentificationConfigurationObject.table);
      }

      ri.query();
      while (ri.next()) {
          entitiesWithRI.push(ri.entity + '');
      }
      //Get entitites without RI
      entity.addEncodedQuery('sys_idNOT IN' + entitiesWithRI);
      entity.query();
      while (entity.next()) {
          records.push(entity.getUniqueValue());
      }
      return records;

  },

  _createRiForEntity: function(riskIdentificationConfigurationObject, entity_ids) {
      var count = 0;
      var ri = new GlideRecord('sn_risk_advanced_risk_identification');
      for (var i = 0; i < entity_ids.length; i = i + 1) {
          ri.initialize();
          ri.entity = entity_ids[i];
          ri.risk_identification_configuration = riskIdentificationConfigurationObject.getUniqueValue();
          var result = ri.insert();
          if (result != "") {
              count = count + 1;
          }
      }
      return count + '';
  },

  type: 'RiskIdentificationUtilsBase'
};

Sys ID

d8b261d477f110102a272f589a106113

Offical Documentation

Official Docs: