Bundle remove calculation in provisioning plan

shivakarasani199 · February 6, 2025, 3:49am

Which IIQ version are you inquiring about?

8.2P7

Hello Community , I have a use case where i can have only one entitlement (assigned via IT Role) at any given point of time.
So we are trying to revoke the existing IT role Bundle of that application before adding the requested IT Roles.

Is there a way we can modify the provisioning plan to achieve this ? I tried multiple ways but not able to progress on revoking the existing IT roles and adding newly requested role from current provisioning plan

I am using Add Entitlement Operation , WebserviceBeforeOperationRule

ProvisioningPlan plan = new ProvisioningPlan();
  Identity identity = plan.getIdentity();
  String identityName = identity.getName();
  AccountRequest accReq = provisioningPlan.getAccountRequest("ApplicationName");
  if (accReq != null) {
    String nativeIdentity = accReq.getNativeIdentity();
    Identity identity = context.getObjectByName(Identity.class,identityName);
    if (identity != null) {
      List<Bundle> roles = identity.getAssignedRoles();
	  List accReqList = new ArrayList();

       if (roles != null) {
       for (int i = 0; i &lt; roles.size(); i++) {            
          	Bundle roleBundle = roles.get(i);
            if (roleBundle != null) {
            	String name = roleBundle.getDisplayName();
              if (name.startsWith("ITRole_Appx")) {
                log.error("role name starts with ITRole_Appx >> "+name);
                AccountRequest accountReq = new AccountRequest();
                accountReq.add(new AttributeRequest("assignedRoles", ProvisioningPlan.Operation.Remove, name));
                accReqList.add(accountReq);
              }
            }
          }
          ProvisioningPlan newPlan = new ProvisioningPlan();
          newPlan.setNativeIdentity(identityName);
          newPlan.setAccountRequests(accReqList);
          Provisioner provisioner = new Provisioner(context);
          provisioner.execute(newPlan);
        }
    }
  }

pszupiluk · February 12, 2025, 2:51pm

Hi Shiva,

Since you need a change on IT role level, I would recommend to detect this situation in LCM Provisoning workflow and adding remove IT role operation to the request. Then connector would get at the same time two operations - one to add entitlement and other to remove.

As for your approach, code looks more or less fine. Do you get any error when executing this?

system · April 13, 2025, 2:52pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Webservice - Provisioning must delete existing entitlement before adding (Only add API call available)) IIQ Discussion and Questions identityiq , provisioning , roles	6	143	March 24, 2025
Deprovisioning business roles IIQ Discussion and Questions identityiq , roles	9	136	May 27, 2025
Removing all users Roles and Entitlements IIQ Discussion and Questions workflows , rules , identityiq , lifecycle-management	10	460	February 10, 2025
Before Provisioning Rule Operations - How to remove plan or account request ISC Discussion and Questions rules , provisioning , entitlements	6	2702	July 21, 2023
Set provisioning plan to null ISC Discussion and Questions rules , provisioning , entitlements	4	1218	July 19, 2023

Bundle remove calculation in provisioning plan

Which IIQ version are you inquiring about?

Related topics