Hi all,
I am encountering an issue where a role is not getting assigned even when the identity satisfies the condition. Attached the identity xml.
What am I missing.
IDentitysample.xml (74.0 KB)
Thanks in advance
Please share the role assignment logic.
Hi @rishavghoshacc ,
Please share assignment logic for role.
Also check if that role was previously removed by access request (or any corresponding workflow)
When Role is removed from LCM (Access Requests), then that role is not assigned back to that user. It has to be requested again. Because IIQ gives high proprity to LCM provisioning over Role assignment logic
@rishavghoshacc How are you assigning the role and removing it? If you are assigning them dynamically, but removing them via access request, IIQ set a flag called as negative=“true” to the role assignments. Due to which they will not be assigned automatically.
Could you please also share your role xmls (business + it) for review?
Bundle Sample.xml (2.4 KB)
Bundle Sample.xml (2.4 KB)
Bundle Sample.xml (2.4 KB)
@rishavghoshacc I think you are trying for role: BRT_WFT 05xxxxxxxxxxxxxxtnerWOT which is marked as negative =true. In your identity xml, check the role assignment with id = “c8a462ab30754e77a41cc9e30a8f5cc3”. Try removing the negative=true flag from the role assignment and refresh the use. It should assign automatically.
Note: Found a fix?Help the community by marking the comment as solution. Feel free to react(
,
, etc.)with an emoji to show your appreciation or message me directly if your problem requires a deeper dive.
@neel193 I see that the source of this is a certification. But how would this be possible?
@rishavghoshacc Even if it removed via Certification, negative flag will be set. This role must have been part of the certification. Please check the certification and can also identity → search user → Go to History tab. Here also you can see when it was removed and who removed it.