From d96155a6b974fcf208a7959148a48eb32fc964fb Mon Sep 17 00:00:00 2001 From: SaiSankar1309 <146355902+SaiSankar1309@users.noreply.github.com> Date: Tue, 15 Oct 2024 15:47:42 +0200 Subject: [PATCH 1/6] Remove all the roles for inactive users For any inactive user , remove all the roles associated with that user. --- Background Scripts/Remove all the roles for inactive users | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 Background Scripts/Remove all the roles for inactive users diff --git a/Background Scripts/Remove all the roles for inactive users b/Background Scripts/Remove all the roles for inactive users new file mode 100644 index 0000000000..f33dafe349 --- /dev/null +++ b/Background Scripts/Remove all the roles for inactive users @@ -0,0 +1,4 @@ +var gr = new GlideRecord('sys_user_has_role'); +gr.addEncodedQuery('user.active = false'); +gr.query(); +gr.deleteMultiple(); From fb1c4e78fefe16a9cdff692a5c3fc490f3590959 Mon Sep 17 00:00:00 2001 From: SaiSankar1309 <146355902+SaiSankar1309@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:12:46 +0200 Subject: [PATCH 2/6] Remove all roles from an inactive user When a user in an instance is inactive, it's a good practice to remove all roles assigned to that user. --- Background Scripts/README.md | 13 +++++++++++++ Background Scripts/script.js | 4 ++++ 2 files changed, 17 insertions(+) create mode 100644 Background Scripts/README.md create mode 100644 Background Scripts/script.js diff --git a/Background Scripts/README.md b/Background Scripts/README.md new file mode 100644 index 0000000000..6f1805555c --- /dev/null +++ b/Background Scripts/README.md @@ -0,0 +1,13 @@ + +# Remove all roles from inactive user + +Code Snippet : Remove all roles from an inactive user +When a user in an instance is inactive, it's a good practice to remove all roles assigned to that user. Following piece of code helps to remove all the roles from the inactive user. +~~~ +var gr = new GlideRecord('sys_user_has_role'); +gr.addEncodedQuery('user.active=false'); +gr.query(); +gr.deleteMultiple(); +~~~ +This piece of code can be used in scheduled jobs under scheduled script execution tab. This can be run weekly once to check the last one week inactive users and remove them from all assigned roles (if exist). + diff --git a/Background Scripts/script.js b/Background Scripts/script.js new file mode 100644 index 0000000000..3bdf46d502 --- /dev/null +++ b/Background Scripts/script.js @@ -0,0 +1,4 @@ +var gr = new GlideRecord('sys_user_has_role'); +gr.addEncodedQuery('user.active=false'); +gr.query(); +gr.deleteMultiple(); \ No newline at end of file From 4f9a6064b8dea5b7b1b063c066a9827c322a527b Mon Sep 17 00:00:00 2001 From: SaiSankar1309 <146355902+SaiSankar1309@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:17:29 +0200 Subject: [PATCH 3/6] Remove roles from inactive user When a user in an instance is inactive, it's a good practice to remove all roles assigned to that user. From f1abfd9fe7048297038bc7bb5c7fc794d82de3e1 Mon Sep 17 00:00:00 2001 From: SaiSankar1309 <146355902+SaiSankar1309@users.noreply.github.com> Date: Thu, 17 Oct 2024 10:23:43 +0200 Subject: [PATCH 4/6] Add files via upload --- .../Remove roles from inactive user/README.md | 13 +++++++++++++ .../Remove roles from inactive user/script.js | 4 ++++ 2 files changed, 17 insertions(+) create mode 100644 Background Scripts/Remove roles from inactive user/README.md create mode 100644 Background Scripts/Remove roles from inactive user/script.js diff --git a/Background Scripts/Remove roles from inactive user/README.md b/Background Scripts/Remove roles from inactive user/README.md new file mode 100644 index 0000000000..6f1805555c --- /dev/null +++ b/Background Scripts/Remove roles from inactive user/README.md @@ -0,0 +1,13 @@ + +# Remove all roles from inactive user + +Code Snippet : Remove all roles from an inactive user +When a user in an instance is inactive, it's a good practice to remove all roles assigned to that user. Following piece of code helps to remove all the roles from the inactive user. +~~~ +var gr = new GlideRecord('sys_user_has_role'); +gr.addEncodedQuery('user.active=false'); +gr.query(); +gr.deleteMultiple(); +~~~ +This piece of code can be used in scheduled jobs under scheduled script execution tab. This can be run weekly once to check the last one week inactive users and remove them from all assigned roles (if exist). + diff --git a/Background Scripts/Remove roles from inactive user/script.js b/Background Scripts/Remove roles from inactive user/script.js new file mode 100644 index 0000000000..3bdf46d502 --- /dev/null +++ b/Background Scripts/Remove roles from inactive user/script.js @@ -0,0 +1,4 @@ +var gr = new GlideRecord('sys_user_has_role'); +gr.addEncodedQuery('user.active=false'); +gr.query(); +gr.deleteMultiple(); \ No newline at end of file From 8dc115e566f1b13ef625566c78d78669d04e8a5f Mon Sep 17 00:00:00 2001 From: SaiSankar1309 <146355902+SaiSankar1309@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:31:04 +0200 Subject: [PATCH 5/6] readme.md Detailed steps to setup the business rule : Validate CI on deployed assets --- .../Validate CI on deployed assets/readme.md | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 Business Rules/Validate CI on deployed assets/readme.md diff --git a/Business Rules/Validate CI on deployed assets/readme.md b/Business Rules/Validate CI on deployed assets/readme.md new file mode 100644 index 0000000000..699082b8f8 --- /dev/null +++ b/Business Rules/Validate CI on deployed assets/readme.md @@ -0,0 +1,39 @@ +Business Rule: Validate CI on Deployed Assets + +Overview +This Business Rule enforces CMDB integrity by ensuring that any asset marked as "Deployed" must be linked +to a valid "Configuration Item (CI)". If no CI is associated, the rule automatically notifies the assigned +user's manager to take corrective action. + +This consists of 3 steps: +1. Business rule +2. Event setup +3. Email Notification + +1.Business Rule Configuration +Table: alm_asset +Type: Business Rule +When to run: After Update +Condition : current.install_status == 'Deployed' && !current.ci + +2. Event Setup + Go to System Policy > Events > Event Registry +Click New +Name: asset.ci.missing +Table: alm_asset +Description: Triggered when deployed asset has no CI + +3.Email Notification +Go to System Notification > Email > Notifications +Create a new notification: +Name: Missing CI on Deployed Asset +Table: alm_asset +When to send: Event is fired → asset.ci.missing +Recipients: Event.parm1 (manager) +Subject: Asset ${number} is deployed without a CI +Message: +Hello ${recipient.name}, +The asset ${number} assigned to ${assigned_to.name} is marked as Deployed but has no linked Configuration Item. +Please review and take appropriate action. +Regards, +IT Asset Management From 58d5eb4fbb719280791336ac2e1ce41c5194eef5 Mon Sep 17 00:00:00 2001 From: SaiSankar1309 <146355902+SaiSankar1309@users.noreply.github.com> Date: Thu, 2 Oct 2025 09:35:08 +0200 Subject: [PATCH 6/6] Create script.js Business rule script to validate CI on deployed assets and send an email notification to user's manager if the asset is not linked to a CI. --- .../Validate CI on deployed assets/script.js | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 Business Rules/Validate CI on deployed assets/script.js diff --git a/Business Rules/Validate CI on deployed assets/script.js b/Business Rules/Validate CI on deployed assets/script.js new file mode 100644 index 0000000000..2041dd7d86 --- /dev/null +++ b/Business Rules/Validate CI on deployed assets/script.js @@ -0,0 +1,24 @@ +(function executeRule(current, previous /*null when async*/) { + + + // Only act if asset is deployed and has no CI + if (current.install_status == 'Deployed' && !current.ci) { + // Get the user assigned to the asset + var userGR = new GlideRecord('sys_user'); + if (userGR.get(current.assigned_to.toString())) { + var manager = userGR.manager; + if (manager) { + // Send notification to manager + gs.eventQueue('asset.ci.missing', current, manager.toString(), current.assigned_to.toString()); + gs.info("[Asset-CI Check] Notification sent to manager: " + manager.name); + } else { + gs.info("[Asset-CI Check] Assigned user has no manager."); + } + } else { + gs.info("[Asset-CI Check] Assigned user not found."); + } + } + + + +})(current, previous);