Name

global.RoleManagementVerify

Description

A script to verify inherited roles for all users. It is recommended to run this script before activating the com.glide.role_management.inh_count plugin, in order to detect all discrepancies for inherited roles. For example, some current inherited roles after re-calculation might be removed, so the customer might need to add them explicitely to the user. Usage example from background scripts new RoleManagementVerify().verifyInheritedRoles(); Also, if needed, inherited roles can be verified for a specific user new RoleManagementVerify().verifyInheritedRolesForUser( 47de9c73c61122930033f6521d1bb785 , itam );

Script

var RoleManagementVerify = Class.create();
RoleManagementVerify.prototype = {
  initialize: function() {
  	var summary = {};
  	summary.currInhCount = 0;
  	summary.calcInhCount = 0;
  	summary.discrepCount = 0;
  	this.summary = summary;
  },
  
  // verify inherited roles for all users, and show diff between current and re-calculted ones
  verifyInheritedRoles: function() {
  	gs.log(''+new GlideDateTime() + ' Starting checking of inherited roles for all users...');
  	var user = new GlideRecord('sys_user');
  	user.initialize();
  	user.setWorkflow(false);
  	user.query();
  	while (user.next()) {
  		var userSysId = user.getValue('sys_id');
  		var userName = user.getValue('user_name');
  		this.verifyInheritedRolesForUser(userSysId, userName);
  	}
  	this.summary.currInhCount = this._getInhRolesCount();
  	gs.log('Number of inherited-role records in sys_user_has role, current: ' + this.summary.currInhCount 
  		   + ', after re-calculation: ' + this.summary.calcInhCount);
  	gs.log('Number of users with discrepancies for inherited roles: ' + this.summary.discrepCount);
  	gs.log(''+new GlideDateTime() + ' Finished checking of inherited roles for all users!');
  },
  
  // verify roles for the specified user, and report any discrepancies if any
  verifyInheritedRolesForUser: function(userSysId, userName) {
  	var rolesCurr = this.getInheritedRolesCurr(userSysId);
  	var rolesCalc = this.getInheritedRolesCalc(userSysId);
  	if (rolesCurr.length == 0 && rolesCalc.length == 0)
  		return;

  	this.summary.calcInhCount += rolesCalc.length;

  	var rolesToBeDeleted = this.getArr1NotInArr2(rolesCurr, rolesCalc);
  	var rolesToBeAdded = this.getArr1NotInArr2(rolesCalc, rolesCurr);
  	if (rolesToBeDeleted.length == 0 && rolesToBeAdded.length == 0)
  		return;
  	this.summary.discrepCount++;	
  	if (rolesToBeDeleted.length > 0)
  		gs.log('User: ' + userName + ', inherited roles to be DELETED: ' + this.getRoleNamesByIds(rolesToBeDeleted));
  	if (rolesToBeAdded.length > 0)
  		gs.log('User: ' + userName + ', inherited roles to be ADDED: ' + this.getRoleNamesByIds(rolesToBeAdded));
  },

  // get inherited roles for the specified user from sys_user_has_role
  getInheritedRolesCurr: function(userSysId) {
  	var rRoles = [];
  	var ga = new GlideAggregate('sys_user_has_role');
  	ga.addQuery('user', userSysId);
  	ga.addQuery('inherited', true);
  	ga.groupBy('role');
  	ga.addAggregate('COUNT');
  	ga.query();
  	while (ga.next()) {
  		var role = '' + ga.getValue('role');
  		if (!rRoles.includes(role))
  			rRoles.push(role);
  	}
  	rRoles.sort();
  	return rRoles;
  },
  
  // get recalculated inherited roles for the specified user
  getInheritedRolesCalc: function(userSysId) {
  	var rRoles = [];
  	var rmAPI = new GlideUserHasRoleInhCountFixer();
  	var mapRoleCount = rmAPI.findAllInheritedRoleCountsForUser(userSysId); // Map<String, Integer> mapInhRoleCounts = 
  	var roles = mapRoleCount.keySet().toArray();
  	for (var i = 0; i < roles.length; i++) {
  		var role = '' + roles[i];
  		rRoles.push(role);
  	}
  	rRoles.sort();
  	return rRoles;
  },
  
  // find values from array1 that are not present in array2
  getArr1NotInArr2: function(arr1, arr2) {
  	var res = arr1.filter(
  		function(value) {
  				if (arr2.indexOf(value) === -1) 
  						return value;
  			});
  	return res;
  },

  // return array with role names from array with sys_ids
  getRoleNamesByIds: function(roles) {
  	var rmAPI = new GlideUserHasRoleInhCountFixer();
  	var names = [];
  	for (var i = 0; i < roles.length; i++) {
  		var name = rmAPI.getRoleNameById(roles[i]);
  		names.push(name);
  	}
  	return names;
  },
  
  // get count for inherited roles from sys_user_has_roel
  _getInhRolesCount: function() {
  	var res = 0;
  	var aggr = new GlideAggregate('sys_user_has_role');
  	aggr.addQuery('inherited', true);
  	aggr.addAggregate('COUNT');
  	aggr.query();
  	if (aggr.next())
  		res = aggr.getAggregate('COUNT');
  	return res;
  },
  
  type: 'RoleManagementVerify'
};

Sys ID

729329239f1322001e3a77a0942e702e

Offical Documentation

Official Docs: