Name
global.RoleManagementVerify
Description
A script to verify inherited roles for all users. It is recommended to run this script before activating the com.glide.role_management.inh_count plugin, in order to detect all discrepancies for inherited roles. For example, some current inherited roles after re-calculation might be removed, so the customer might need to add them explicitely to the user. Usage example from background scripts new RoleManagementVerify().verifyInheritedRoles(); Also, if needed, inherited roles can be verified for a specific user new RoleManagementVerify().verifyInheritedRolesForUser( 47de9c73c61122930033f6521d1bb785 , itam );
Script
var RoleManagementVerify = Class.create();
RoleManagementVerify.prototype = {
initialize: function() {
var summary = {};
summary.currInhCount = 0;
summary.calcInhCount = 0;
summary.discrepCount = 0;
this.summary = summary;
},
// verify inherited roles for all users, and show diff between current and re-calculted ones
verifyInheritedRoles: function() {
gs.log(''+new GlideDateTime() + ' Starting checking of inherited roles for all users...');
var user = new GlideRecord('sys_user');
user.initialize();
user.setWorkflow(false);
user.query();
while (user.next()) {
var userSysId = user.getValue('sys_id');
var userName = user.getValue('user_name');
this.verifyInheritedRolesForUser(userSysId, userName);
}
this.summary.currInhCount = this._getInhRolesCount();
gs.log('Number of inherited-role records in sys_user_has role, current: ' + this.summary.currInhCount
+ ', after re-calculation: ' + this.summary.calcInhCount);
gs.log('Number of users with discrepancies for inherited roles: ' + this.summary.discrepCount);
gs.log(''+new GlideDateTime() + ' Finished checking of inherited roles for all users!');
},
// verify roles for the specified user, and report any discrepancies if any
verifyInheritedRolesForUser: function(userSysId, userName) {
var rolesCurr = this.getInheritedRolesCurr(userSysId);
var rolesCalc = this.getInheritedRolesCalc(userSysId);
if (rolesCurr.length == 0 && rolesCalc.length == 0)
return;
this.summary.calcInhCount += rolesCalc.length;
var rolesToBeDeleted = this.getArr1NotInArr2(rolesCurr, rolesCalc);
var rolesToBeAdded = this.getArr1NotInArr2(rolesCalc, rolesCurr);
if (rolesToBeDeleted.length == 0 && rolesToBeAdded.length == 0)
return;
this.summary.discrepCount++;
if (rolesToBeDeleted.length > 0)
gs.log('User: ' + userName + ', inherited roles to be DELETED: ' + this.getRoleNamesByIds(rolesToBeDeleted));
if (rolesToBeAdded.length > 0)
gs.log('User: ' + userName + ', inherited roles to be ADDED: ' + this.getRoleNamesByIds(rolesToBeAdded));
},
// get inherited roles for the specified user from sys_user_has_role
getInheritedRolesCurr: function(userSysId) {
var rRoles = [];
var ga = new GlideAggregate('sys_user_has_role');
ga.addQuery('user', userSysId);
ga.addQuery('inherited', true);
ga.groupBy('role');
ga.addAggregate('COUNT');
ga.query();
while (ga.next()) {
var role = '' + ga.getValue('role');
if (!rRoles.includes(role))
rRoles.push(role);
}
rRoles.sort();
return rRoles;
},
// get recalculated inherited roles for the specified user
getInheritedRolesCalc: function(userSysId) {
var rRoles = [];
var rmAPI = new GlideUserHasRoleInhCountFixer();
var mapRoleCount = rmAPI.findAllInheritedRoleCountsForUser(userSysId); // Map<String, Integer> mapInhRoleCounts =
var roles = mapRoleCount.keySet().toArray();
for (var i = 0; i < roles.length; i++) {
var role = '' + roles[i];
rRoles.push(role);
}
rRoles.sort();
return rRoles;
},
// find values from array1 that are not present in array2
getArr1NotInArr2: function(arr1, arr2) {
var res = arr1.filter(
function(value) {
if (arr2.indexOf(value) === -1)
return value;
});
return res;
},
// return array with role names from array with sys_ids
getRoleNamesByIds: function(roles) {
var rmAPI = new GlideUserHasRoleInhCountFixer();
var names = [];
for (var i = 0; i < roles.length; i++) {
var name = rmAPI.getRoleNameById(roles[i]);
names.push(name);
}
return names;
},
// get count for inherited roles from sys_user_has_roel
_getInhRolesCount: function() {
var res = 0;
var aggr = new GlideAggregate('sys_user_has_role');
aggr.addQuery('inherited', true);
aggr.addAggregate('COUNT');
aggr.query();
if (aggr.next())
res = aggr.getAggregate('COUNT');
return res;
},
type: 'RoleManagementVerify'
};
Sys ID
729329239f1322001e3a77a0942e702e