Created
June 14, 2023 17:55
-
-
Save infocynic/f4415e3ddc156122346537c02d13efbf to your computer and use it in GitHub Desktop.
Use SF CLI to sync members of a DelegateGroup from a Role
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param ( | |
[Parameter(Mandatory = $true, HelpMessage = "Specify the target org alias or username.")] | |
[string]$targetOrg, | |
[Parameter(Mandatory = $true, HelpMessage = "Specify the DeveloperName of the DelegateGroup.")] | |
[string]$delegateGroup, | |
[Parameter(Mandatory = $true, HelpMessage = "Specify the DeveloperName of the Role.")] | |
[string]$roleName | |
) | |
# Step 1: Query existing group members | |
$groupMembersQuery = "SELECT Id, UserOrGroupId FROM DelegateGroupMember WHERE DelegateGroupId IN (SELECT Id FROM DelegateGroup WHERE DeveloperName = '$delegateGroup')" | |
$groupMembersResult = sf data:query --query="$groupMembersQuery" --target-org="$targetOrg" --use-tooling-api --json | |
$existingGroupMembers = ($groupMembersResult | ConvertFrom-Json).result.records | |
# Step 2: Query existing role members | |
$roleMembersQuery = "SELECT Id FROM User WHERE UserRole.DeveloperName = '$roleName' AND IsActive = true" | |
$roleMembersResult = sf data:query --query="$roleMembersQuery" --target-org="$targetOrg" --json | |
$existingRoleMembers = ($roleMembersResult | ConvertFrom-Json).result.records | |
# Step 3: Compare user/group IDs | |
$groupMembersToRemove = @() | |
$usersToAddToGroup = @() | |
foreach ($groupMember in $existingGroupMembers) { | |
if ($groupMember.UserOrGroupId -notin $existingRoleMembers.Id) { | |
$groupMembersToRemove += $groupMember.Id | |
} | |
} | |
foreach ($roleMember in $existingRoleMembers) { | |
if ($roleMember.Id -notin $existingGroupMembers.UserOrGroupId) { | |
$usersToAddToGroup += $roleMember.Id | |
} | |
} | |
# Step 4: Remove group members | |
foreach ($groupMemberId in $groupMembersToRemove) { | |
sf data:record:delete --sobject=DelegateGroupMember --record-id=$groupMemberId --use-tooling-api --target-org=$targetOrg | |
} | |
# Step 5: Add users to the group | |
$groupIdQuery = "SELECT Id FROM DelegateGroup WHERE DeveloperName = '$delegateGroup' LIMIT 1" | |
$groupIdResult = sf data:query --query="$groupIdQuery" --target-org="$targetOrg" --use-tooling-api --json | |
$groupId = ($groupIdResult | ConvertFrom-Json).result.records[0].Id | |
foreach ($userId in $usersToAddToGroup) { | |
$groupMemberToAdd = "UserOrGroupId=$userId DelegateGroupId=$groupId" | |
sf data:create:record --sobject=DelegateGroupMember --values="$groupMemberToAdd" --use-tooling-api --target-org=$targetOrg | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment