Bussiness Role is not removed from the identity

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

Hi experts,

Im facing a issue when I try remove roles via batch request. In this case we are using the following format in the csv file

operation,identityName,roles
RemoveRole,TestUser,ECI_BR_Role SAP TestRole

But when request is executed, role is not removed in the identity. From other side we have noted that attribute value of remove operation is detectedRole instead assignedRole, but in our case, all Business roles are assigned.

Also, we can see that request ends with status Finished, instead of return an error

<IdentityRequestItem application="IIQ" compilationStatus="Filtered" id="0a20b4aa8b511604818c25575aa03c4a" modified="1701433531947" name="detectedRoles" operation="Remove" provisioningEngine="IIQ" provisioningState="Finished" value="ECI_BR_Rol SAP TestRole">
      <Attributes>
        <Map>
          <entry key="identityEntitlementId" value="0a20b4aa8b511604818c25575e173c5b"/>
        </Map>
      </Attributes>
</IdentityRequestItem>```


Any idea about this issue?
2

According to the Lifecycle Manager documentation, the order is:
operation, roles, identityName
I don’t know if that makes a difference.

Have you verified that you are using the name of the role and not the display name? In my experience I tend to not put spaces into the name of the role, but it’s not hard and fast rule.

Also if the role has an assignment rule on it, you might experience some kind of issue. Normally when a role is removed after being assigned by rule, it is marked as permanently removed in the XML. Have you checked all of your settings to allow this to occur or is there a setting to prevent this? Also check your settings on the role definition to make sure it is able to be manually set.

3

HI @ismaelmoreno1 ,

Apart from what @keithsmith explained, the request generally goes into filtered item if sailpoint identifies it as already removed/added. so if this is not yet removed still sailpoint is addding the role in filtered list. I would suggest to create a sailpoint support ticket.