Role Usage Analyzer

[shivamvish160]

PR Description:

Role Usage Analyzer (Audit-Based) for ServiceNow

Overview

This script analyzes role assignments and identifies roles that may be unused by checking user activity in the sys_audit table. It focuses on recent activity (last 90 days) to determine whether users assigned to a role have interacted with the system.

Features

• Uses sys_audit for accurate activity tracking
• Filters audit records from the last 90 days to reduce data volume
• Flags roles assigned to users who show no audit activity
• Logs potentially unused roles with user count

Usage

1. Navigate to System Definition > Script Includes or Scheduled Script Executions.
2. Create a new Script Include or Scheduled Job named Role_Usage_Analyzer_Audit.
3. Paste the contents of Role_Usage_Analyzer_Audit.js into the script field.
4. Run manually or schedule it to run periodically (e.g., monthly).

Notes

• The script uses gs.daysAgo(90) to limit the audit data to recent activity.
• You can adjust the time window by changing the gs.daysAgo() value.
• Consider extending the script to generate reports or notify role owners for cleanup.

Pull Request Checklist

Overview

• Put an x inside of the square brackets to check each item.
• I have read and understood the CONTRIBUTING.md guidelines
• My pull request has a descriptive title that accurately reflects the changes and the description has been filled in above.
• I've included only files relevant to the changes described in the PR title and description
• I've created a new branch in my forked repository for this contribution

Code Quality

• My code is relevant to ServiceNow developers
• My code snippets expand meaningfully on official ServiceNow documentation (if applicable)
• I've disclosed use of ES2021 features (if applicable)
• I've tested my code snippets in a ServiceNow environment (where possible)

Repository Structure Compliance

• I've placed my code snippet(s) in one of the required top-level categories:
  • Core ServiceNow APIs/
  • Server-Side Components/
  • Client-Side Components/
  • Modern Development/
  • Integration/
  • Specialized Areas/
• I've used appropriate sub-categories within the top-level categories
• Each code snippet has its own folder with a descriptive name

Documentation

• I've included a README.md file for each code snippet
• The README.md includes:
  • Description of the code snippet functionality
  • Usage instructions or examples
  • Any prerequisites or dependencies
  • (Optional) Screenshots or diagrams if helpful

Restrictions

• My PR does not include XML exports of ServiceNow records
• My PR does not contain sensitive information (passwords, API keys, tokens)
• My PR does not include changes that fall outside the described scope

[ravichandra1998g]

Hello @shivamvish160

It doesn't have a script including syntax and this doesn't need to be a script include unless it's reusable from different scripts.

This just prints the info messages. So Can you please place this script under the background scripts folder where it suits more.

There is also a scheduled jobs folder seperately, please place it there if the invention is to run at scheduled dates..

• Also, it is not recommended to query the sys_audit table in scripts as the table contains huge data (easily one of the Top 10 tables in every instance)

Closing this for now.
Kindly reopen or create a new PR after making the changes.