Deletion of role from IdentityIQ

Hi All,

We have a requirement to delete a role using the code below, followed by deletion of the user's membership from the AD group.

We have a role in IdentityIQ with AD group membership. When we delete the role using the code below, it does not delete the AD group membership for the user.

Is this a limitation in IdentityIQ?

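import sailpoint.api.Terminator;
import sailpoint.object.Bundle;
Bundle role = context.getObjectById(Bundle.class, "BIZ 1");
Terminator t = new Terminator(context);
t.deleteObject(role); // pass the loaded role; "object" was never defined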

Regards,
Ravi.

Hi @kolipakularaviturnkey

Deleting a business role will remove the role from a user’s profile, but it won’t delete the underlying entitlements from the user’s accounts. To achieve this, you can follow these approaches:

  1. First, perform the provisioning activity (business role removal process) on the user profile, which will remove the underlying entitlements. Then, you can delete the role.
  2. Alternatively, you can first delete the underlying IT roles from the business roles. Then, run the Role Propagation task, which will remove the underlying entitlements from the user profiles. Finally, you can proceed with deleting the business role.

Is it possible to perform the above steps using Java/BeanShell code?

Yeah, you can.

For Approach 1, you can get sample code here to remove a role from one user's profile. You can enhance this code to remove the role from all users' profiles and then delete the role using Terminator.

You can even try approach 2 through code.

If we delete the role from the UI, followed by the refresh cube task, followed by the role propagation task, it will delete all the membership in AD as well after deletion of the role.

Is it possible to implement the same thing running the propagation task after role deletion?

You need to delete the IT role first and then run the Role Propagation task. The Identity Refresh task wouldn’t remove entitlements, hence you need to run the Role Propagation task. (Refer to this link for more details.)
Once the task is executed successfully, then you can delete Business roles.
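
Approach 1 from the thread, written out as an added example (not code posted by any participant, and not SailPoint's own sample): remove the assigned role from every holder through a provisioning plan so the connector drops the AD group membership, then delete the role only when no holder remains. The class name `RoleRetirement` and method `retireRole` are hypothetical; it assumes the role is directly assigned and that provisioning to AD is not held in an approval or retry queue.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import sailpoint.api.Provisioner;
import sailpoint.api.SailPointContext;
import sailpoint.api.Terminator;
import sailpoint.object.Bundle;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.QueryOptions;
import sailpoint.tools.GeneralException;

public class RoleRetirement {  // hypothetical helper, not part of IdentityIQ
    // Deprovision the role from all holders first, then delete the role object.
    public static void retireRole(SailPointContext context, String roleName) throws GeneralException {
        Bundle role = context.getObjectByName(Bundle.class, roleName);
        if (role == null) throw new GeneralException("Role not found: " + roleName);
        // Collect holder ids up front so the cursor is not open while provisioning.
        QueryOptions holders = new QueryOptions();
        holders.addFilter(Filter.eq("assignedRoles.name", roleName));
        List<String> ids = new ArrayList<>();
        Iterator<Object[]> rows = context.search(Identity.class, holders, "id");
        while (rows.hasNext()) ids.add((String) rows.next()[0]);
        for (String id : ids) {
            Identity identity = context.getObjectById(Identity.class, id);
            ProvisioningPlan plan = new ProvisioningPlan();
            plan.setIdentity(identity);
            AccountRequest acct = new AccountRequest(AccountRequest.Operation.Modify,
                    ProvisioningPlan.APP_IIQ, null, identity.getName());
            acct.add(new AttributeRequest(ProvisioningPlan.ATT_IIQ_ASSIGNED_ROLES,
                    ProvisioningPlan.Operation.Remove, roleName));
            plan.add(acct);
            Provisioner provisioner = new Provisioner(context);
            provisioner.execute(provisioner.compile(plan)); // expands to entitlement removals
            context.decache(identity);
        }
        // Guard: deleting the role while holders remain would strand their AD memberships.
        if (context.countObjects(Identity.class, holders) > 0)
            throw new GeneralException("Role still assigned; not deleting " + roleName);
        new Terminator(context).deleteObject(role);
    }
}
```

Before relying on the deletion, confirm on the AD side that the group memberships are actually gone, since a queued or failed provisioning request leaves the access in place even though the assignment has been removed in IdentityIQ.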