Role Usage Analyzer

Server-Side Components/Script Includes/Role Usage Analyzer/README.md

@@ -0,0 +1,24 @@
+# Role Usage Analyzer (Audit-Based) for ServiceNow
+
+## Overview
+
+This script analyzes role assignments and identifies roles that may be unused by checking user activity in the `sys_audit` table. It focuses on recent activity (last 90 days) to determine whether users assigned to a role have interacted with the system.
+
+## Features
+- Uses `sys_audit` for accurate activity tracking
+- Filters audit records from the **last 90 days** to reduce data volume
+- Flags roles assigned to users who show **no audit activity**
+- Logs potentially unused roles with user count
+
+## Usage
+
+1. Navigate to **System Definition > Script Includes** or **Scheduled Script Executions**.
+2. Create a new Script Include or Scheduled Job named `Role_Usage_Analyzer_Audit`.
+3. Paste the contents of `Role_Usage_Analyzer_Audit.js` into the script field.
+4. Run manually or schedule it to run periodically (e.g., monthly).
+
+## Notes
+
+- The script uses `gs.daysAgo(90)` to limit the audit data to recent activity.
+- You can adjust the time window by changing the `gs.daysAgo()` value.
+- Consider extending the script to generate reports or notify role owners for cleanup.

Server-Side Components/Script Includes/Role Usage Analyzer/code.js

@@ -0,0 +1,46 @@
+
+    // Role Usage Analyzer using sys_audit
+    // Description: Identifies roles assigned to users that show no audit activity.
+
+    var roleUsageMap = {};
+    var grUserRole = new GlideRecord('sys_user_has_role');
+    grUserRole.query();
+
+    while (grUserRole.next()) {
+        var userId = grUserRole.user.toString();
+        var roleId = grUserRole.role.toString();
+
+        if (!roleUsageMap[roleId]) {
+            roleUsageMap[roleId] = {
+                users: [],
+                used: false
+            };
+        }
+
+        roleUsageMap[roleId].users.push(userId);
+    }
+
+    // Use sys_audit to check user activity in last 90 days
+    var grAudit = new GlideRecord('sys_audit');
+    var ninetyDaysAgo = gs.daysAgo(90);
+    grAudit.addEncodedQuery('userISNOTEMPTY^sys_created_on>=javascript:gs.daysAgo(90)');
+    grAudit.query();
+
+    while (grAudit.next()) {
+        var userId = grAudit.user.toString();
+        for (var roleId in roleUsageMap) {
+            if (roleUsageMap[roleId].users.indexOf(userId) !== -1) {
+                roleUsageMap[roleId].used = true;
+            }
+        }
+    }
+
+    for (var roleId in roleUsageMap) {
+        if (!roleUsageMap[roleId].used) {
+            var grRole = new GlideRecord('sys_user_role');
+            if (grRole.get(roleId)) {
+                gs.info('[Role Usage Analyzer] Possibly Unused Role: ' + grRole.name + ' | Assigned Users: ' + roleUsageMap[roleId].users.length);
+            }
+        }
+
+    }