Deleting Access Profiles

I’m having trouble deleting these access profiles, it says it’s already in use, it’s disabled too.

1 Like

Hellloooooo KAIO,

Is this accessprofiles being referenced in a role?



Hello @kaiolima,

May be some users always have this access profile or it’s part of roles or applications.

In search part check if any user have this access profile :

@access(name.exact:Your access profile name)

Or check if your access profile is containing into a role :"Your access profile name"

You cannot delete an access profile that is currently included in any provisioning configuration. You must first remove it from all lifecycle states and roles.


I was able to identify that it is assigned to some users and no role, as it is assigned to users, what would be your recommendation?

1 Like

@kaiolima i recommand to wait the next identity refresh (8pm or 8pm) , the access profile will normally remove from users because it’s disable. Or if you want to force fastable this removale you can modifiy your access profile by removing all entitlements and then click Apply Changes

1 Like

Thank you, I’ll wait for the next update to check if I can remove it. I’m also sending the research I did on search and it doesn’t bring any linked role…

I need to delete these access profiles that are in the same situation, linked to a user.


1 Like

@kaiolima be aware about your filter that check if access profile exist in role.

You have . before
Here a query example :"Test ap AD"

As already says, after refresh o this night or tomorrow if this access profile cannot be deleted , remove entitlements from this access profiles and apply change from ui.

Best regards.

1 Like

I corrected a query and brought the entitlements

1 Like

Can you try ;"Test ap AD"
1 Like

Whithout () after accessProfiles

1 Like

Thank you, I believe I managed to get the query right, but they are all like this, without attribution to user and role.

I also noticed that it doesn’t allow me to remove the entitlements, when I remove the one that already exists, the save option becomes invisible


@kaiolima do you delete them successfuly? i there no user , role and if they are not used in birthrigth access you can normaly delete them.

Concerning about :
" I also noticed that it doesn’t allow me to remove the entitlements, when I remove the one that already exists, the save option becomes invisible " ==> this is normal because an activate access profile must have at least one entitlement. If you disable an access profile, you will be to remove all entitlements and save.

I actually left all access profiles disabled yesterday and this morning I still can’t delete them.

Do you use this access profile in your lifecyclestate configuration for birhtrigth access ? and in your applications ?

Can you try to remove entitlement and apply change. After several minutes try to delete it?

Try also with api call:

Hi @kaiolima ,

After you disabled the access profile, you can remove the entitlements mapped into access profile.
Once the access profiles are empty, you can try to delete them.

Note: If access profile is enabled, there must be at least one entitlement mapped into access profile.

Hope it helps. Cheers.

Hello Ousmane, I tried to do it via the API just now and it didn’t work, I got the ID from the URL.
How do I check if I’m using it on lifecycle?
And I’m not using it in applications, it’s very strange. I can’t remove the entitlement even if it is disabled.

Hello, I have already done a series of things, the access profile is not assigned to any role or identity. It has been disabled since yesterday at 6:40 pm. I tried this morning to delete it via the API and UI and I was unsuccessful.

Even with the access profile disabled, I can’t remove the entitlement and save because the save option is invisible even when disabled.

@kaiolima you can review your Postman base url