Hacks

0

Read before upgrading your plugins to version 11.0.3 – “GRC Business Users” 0 (0)

Posted on by Rafael

Hello all,

I was trying to search for comments or posts around this plugin upgrade version (11.0.3) but it seems it did slipper somehow.

ServiceNow introduced the new role “GRC Business User” in the latest release (11.0.3) and added to all users in the system. Yes, there is no way to stop that to happen (I raised a hi ticket) but there is a KB article that explains the reason behind this change and helps you to rollback this change in case: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0864247

GRC Business Users

The Governance, Risk, and Compliance (GRC) product line requires action from many users who do not have a traditional product role, such as Compliance Reader or Risk Reader.  Even the reader roles allow access to the product module, dashboard, reports, and read-only table access.

To improve the internal security of the product, we created a dedicated GRC Business User role.  This role should be assigned to users who require access only to GRC applications in the context of performing tasks assigned to them; for example, a business user who needs to respond to an attestation or risk assessment.  Users with the GRC Business User role are provided limited access to data and to information relevant to the tasks assigned to them. 

The number of users assigned to the GRC Business User role does not impact product licensing.  Product licensing is based on the number of users that perform GRC operations as opposed to the number of users with a role that allows access to GRC operations.

Important note: To keep the product behavior consistent on upgrade, we initially assign the GRC Business User role to all users in the sys_user table by adding them to the GRC Business Users group.  We do this to match the previous product behavior that tasks such as attestations can be assigned to any internal employee.  You can remove users from the GRC Business User role to restrict access for specific users.

I have improved ootb script to be more defensive and used an on demand schedule job to avoid to get the process hang during execution. That way the process would not be associated to an UI session and would run in the background without interruptions. 

Please use below script to delete all users from GRC Business Users group :

Steps:

1. Create a fix script called “Remove GRC Business User to all users”
Application: GRC: Profile
Script:

var rec = new GlideRecord('sysauto_script');
rec.get('name', 'remove_users_to_grc_business_group');
gs.executeNow(rec);

2. Create a Scheduled Execution Job (sysauto_script) called “remove_users_to_grc_business_group

Application: GRC: Profile

Run as: Administrator

Run: On Demand

Script:

var grGroup = new GlideRecord('sys_user_group');
if (grGroup.get('053cd11a5bda50106d8012300a81c721')) // ensure the group exists and we do not skip the addQuery condition
{
	var grMember = new GlideRecord('sys_user_grmember');
	grMember.addQuery('group', '053cd11a5bda50106d8012300a81c721');
	grMember.query();
	gs.info("KB0864247 - There are " + grMember.getRowCount() + " members of the GRC Business Users group");
	while(grMember.next())
	{
		gs.info("KB0864247 - We are deleting user: " + grMember.user.getDisplayValue() + " - from the group: " + grMember.group.getDisplayValue());
		grMember.deleteRecord();
	}
}

3. Execute the fix script.

If you have any questions, please let me know! Happy GRCommanding 

0

How to recreate a Glide List using last icons 0 (0)

Posted on by Admin

Hi,

Most recently I tried to use the glide list and apparently the “macro” available is using the old version. Gosh no.

In order to improve it, I have created the following UI macro.

Name: GlideList2

Description: This is an optimized Glide List   ready for bootstrap. It was based on old macro lightweight_glide_list and recent HTML code.

Code:

<?xml version="1.0" encoding="utf-8" ?>

<j:jelly trim="false" xmlns:j="jelly:core" xmlns:g="glide" xmlns:j2="null" xmlns:g2="null">

<g:evaluate var="jvar_current_user" expression="gs.getUserDisplayName()" />

<g:evaluate var="jvar_current_user_id" expression="gs.getUserID()" />

<!-- start bootstrap --> 

   <button data-original-title="Edit ${jvar_label}" id="${jvar_control_name}_unlock" data-target="#glide\.${jvar_control_name}" data-placement="auto" title="" data-auto-close="false" style="margin-right: 5px; display: inline-block;" data-type="glide_list_unlock" tabindex="0" class="btn btn-default btn-ref" data-ref="${jvar_control_name}">

   <span aria-hidden="true" class="icon icon-locked"></span>

   <span class="sr-only">Edit ${jvar_label}</span>

   </button>

   <!-- start mode edit -->

   <span id="${jvar_control_name}_edit" style="display: none;">

     <div class="glide-list">

     <select id="select_0${jvar_control_name}" style="direction:ltr; ;" name="select_0${jvar_control_name}" onchange="toggleGlideListIcons('${jvar_control_name}', false);" class="form-control" multiple="yes" size="6"></select>

     <div class="button-column">

     <j:if test="${jvar_can_add_me}">

     <button data-original-title="Add me" id="add_me.${jvar_control_name}" title="" data-user-id="${jvar_current_user_id}" style="display: inline-block;" data-type="glide_list_add_me" class="btn btn-default btn-ref" data-user="${jvar_current_user}" data-ref="${jvar_control_name}">

     <span aria-hidden="true" class="icon-user-add icon"></span><span class="sr-only">${jvar_label} Add me</span>

     </button>

     </j:if>

     

     <button data-original-title="Remove selected item" disabled="" id="remove.${jvar_control_name}" class="btn btn-default btn-ref" title="" style="display: inline-block;" data-type="glide_list_remove" data-ref="${jvar_control_name}">

     <span aria-hidden="true" class="icon icon-cross"></span>

     <span class="sr-only">Remove selected item</span>

     </button>

     <button data-original-title="View selected item" disabled="" id="view2link.${jvar_control_name}" title="" onmouseout="lockPopup(event)" name="view2.${jvar_control_name}" tabindex="-1" onclick="glideListViewSelection('${jvar_control_name}','deapr_glide','sys_user', 'false')" class="btn btn-default btn-ref" type="button" onmouseover="glideListPopupSelection(event, '${jvar_control_name}', 'sys_user')"><span aria-hidden="true" class="icon-view icon"></span>

     <span class="sr-only">View selected item</span>

     </button>

     

     <button data-original-title="Lookup using list" id="lookup.${jvar_control_name}" onclick="reflistOpen( '${jvar_control_name}','select_0${jvar_control_name}','${jvar_table}','null', 'false', ''); mousePositionSave(event); event.stop();" class="btn btn-default btn-ref" title="" name="lookup.{{ref}}">

   <span aria-hidden="true" class="icon icon-search"></span><span class="sr-only">Lookup using list</span>

   </button>

     <button data-original-title="Lock" id="${jvar_control_name}_lock" title="" style="align: left; padding-top: 3px; cursor: pointer; display: none" data-type="glide_list_lock" tabindex="0" class="btn btn-default btn-ref" type="button" data-ref="${jvar_control_name}">

     <span aria-hidden="true" class="icon icon-unlocked"></span><span class="sr-only">Lock"</span>

     </button>

     </div>

     </div>

   </span>

<!-- finish edit -->

<p data-original-title="${jvar_label}" id="${jvar_control_name}_nonedit" class="form-control-static" title="" style="direction:ltr; display: inline-block; "></p>

<input mandatory="false" id="${jvar_control_name}" value="" name="${jvar_control_name}" type="HIDDEN" />

<!--

<input value="" id="sys_original.${jvar_control_name}" name="sys_original.${jvar_control_name}" type="HIDDEN" />

 -->

<!-- finish bootstrap -->

<!-- End List -->

</j:jelly>

On your UI page, you just need to invoke it.

<!-- List -->	
<j:set var="jvar_label" value="Users" />

<j:set var="jvar_control_name" value="zListCollectorUsers" />

<j:set var="jvar_can_add_me" value="true" />

<j:set var="jvar_table" value="sys_user" />

<g:macro_invoke macro="GlideList2" />