De-assign the role after the manual workitem completion

Which IIQ version are you inquiring about?

8.3p4

Share all details about your problem, including any error messages you may have received.

Hello everyone,

Can anyone please help me with the following issue.
We have a role with the provisioning policy form where all of the attributes cannot be seen in the target system. So, every time after the manual work item is completed and the identity has been refreshed, the verification fails and a new manual workitem is created.

There is no way for us to check these attributes using the connector and the only way to change them is manually, also there is no need for us to see this role assigned to the user (we only need to see the archived manual item).

So is there any way to de-provision this role right after the manual item was completed?

Thanks.

So, I’ve just created the task that runs the next rule for every 15 minutes

QueryOptions qo = new QueryOptions();

Bundle role = context.getObjectByName(Bundle.class, "RSATEST1Bus");
String roleId = role.getId();
qo.addFilter(Filter.eq("assignedRoles.id", roleId));
List identities = context.getObjects(Identity.class,qo);

  for (Identity identity : identities){
		ProvisioningPlan plan = new ProvisioningPlan();
		plan.setIdentity(identity);

		plan.add("IIQ", identity.getName(), "assignedRoles", ProvisioningPlan.Operation.Remove, "RSATEST1Bus");


		Provisioner p = new Provisioner(context);
		p.setNoRoleExpansion(false);
		p.setNoLocking(true);
		p.execute(plan);
  }

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.