How to Remove a Role from a Large User Group in ServiceNow Without Timeout Issues

How to Remove a Role from a Large User Group in ServiceNow Without Timeout Issues

Recently, I encountered a tricky situation in ServiceNow while trying to remove a specific role from a large user group. The group had over 20,000 members, and the role I wanted to remove — let’s call it role_a — had multiple child roles.

Whether I tried removing the role from the group through the ServiceNow UI or via a Fix Script, the operation consistently timed out or failed due to performance issues. Here’s how I managed to solve it using a lesser-known system property and a careful approach.

🔍 The Problem

• Group had 20,000+ users
• role_a was mistakenly added to the group
• Child roles expanded the impact even more
• Removal via UI or script timed out

This scenario made direct deletion via UI or synchronous script execution impractical and risky for performance.

💡 The Solution: Enable Asynchronous Role Removal

ServiceNow provides a system property that allows large-scale group role changes to be scheduled and processed asynchronously — which prevents timeout issues.

✅ Set this property to true:

glide.ui.schedule_slushbucket_save_for_group_roles = true

This tells ServiceNow to schedule the removal process as a background job instead of executing it immediately in the user session, allowing even large role removals to be processed safely.

🧰 Correct Fix Script (Optional, for Automation)

While the UI works fine with the above property enabled, here's a safe fix script that removes a role from a group by deleting the record from the sys_group_has_role table:

var groupName = 'Your_Group_Name';
var roleName = 'role_a';

var group = new GlideRecord('sys_user_group');
group.addQuery('name', groupName);
group.query();
if (group.next()) {
    var role = new GlideRecord('sys_user_role');
    role.addQuery('name', roleName);
    role.query();
    if (role.next()) {
        var groupRole = new GlideRecord('sys_group_has_role');
        groupRole.addQuery('group', group.sys_id);
        groupRole.addQuery('role', role.sys_id);
        groupRole.query();
        while (groupRole.next()) {
            groupRole.deleteRecord();
            gs.info('Removed role ' + roleName + ' from group ' + groupName);
        }
    } else {
        gs.info('Role not found: ' + roleName);
    }
} else {
    gs.info('Group not found: ' + groupName);
}

⚠️ Note: You do not need to manually remove the role from each user — ServiceNow will automatically update user-role associations in the background after removing the group-role link.

🔄 What Happens Next?

Once the group-role relationship is deleted, ServiceNow automatically re-evaluates each user’s role inheritance. If a user no longer inherits that role from any group or assignment, it is removed.

The async job processes this in the background — all thanks to the property:

glide.ui.schedule_slushbucket_save_for_group_roles = true

📌 Final Thoughts

This small configuration change made a huge difference — what was previously a timeout-prone operation became a background task that completed smoothly.

Always remember to handle role management in large environments carefully. System properties like this one can make the difference between a performance issue and a seamless experience.

Have you faced similar issues with group or role management? Share your experience in the comments below!