Error removing Multple Role

autorun6464 · January 7, 2025, 8:53pm

While removing multiple Role its giving this 500 internal server error. but its working fine if i remove only one role at a time

Before Provisioning SCript

Log log = LogFactory.getLog("com.cof.rap.rule.Direct Branch.cofDirect BranchRule");

String appName ="Direct Branch";

QueryOptions qo = new QueryOptions();

List columns= new ArrayList();

Iterator applink = null;

List rolelist=new ArrayList();

 

 

if(plan!=null)

{

	if(log.isDebugEnabled())

	{

		log.debug("COF Direct Branch BeforeProvisioning Rule:Initial Plan:"+plan);

	}

	

	Iterable accountRequests = Util.safeIterable(plan.getAccountRequests());

	for (AccountRequest accReq : accountRequests)
{

		if(accReq!=null &amp;&amp; accReq.getApplicationName()!=null &amp;&amp; appName.equals(accReq.getApplicationName()))

		{

			if (accReq.getOp() != null) 

			{

				String strOp = accReq.getOp().toString();

				if (strOp.equals("Modify")) 

				{

					String nativeId=accReq.getNativeIdentity();

					Identity identity=context.getObjectByName(Identity.class,nativeId);

              		columns.add("attributes");

					qo.addFilter(sailpoint.object.Filter.eq("nativeIdentity",nativeId));

      				qo.addFilter(sailpoint.object.Filter.eq("application.name",appName));

     				applink = context.search(Link.class, qo, columns);

      

      				while(applink.hasNext())

     				{

        				Object[] objLink= (Object[]) applink.next();

        				attLink= (Attributes) objLink[0];

     				}
rolelist =attLink.get("roles");

					List attRequests=accReq.getAttributeRequests();

					List removalList=new ArrayList();

						boolean isconvertDisable=false;

						List attRequests=accReq.getAttributeRequests();

						for(AttributeRequest attRequest:attRequests)

						{

							String strRequestName= attRequest.getName();

							String strOperation= attRequest.getOp().toString();

							if(attRequest.getName()!=null &amp;&amp; strOperation!=null)

							{

								if("roles".equals(strRequestName) &amp;&amp; "Add".equals(strOperation) )

								{

									isconvertDisable=false;

									break; //No further Check required for Disable if any single Add request is present

								}

								else if( "roles".equals(strRequestName) &amp;&amp; strOperation.equals("Remove") &amp;&amp; !(rolelist.size() > 1) )

								{
								isconvertDisable=true;

								}

							}

						}

						if(isconvertDisable)	

						{

							AccountRequest accReqNew=new AccountRequest();

							accReqNew.setApplication(appName);

							accReqNew.setNativeIdentity(accReq.getNativeIdentity());

							accReqNew.setOperation(AccountRequest.Operation.Delete);//deleting account directly as per the direct branch application requirement

							plan.remove(accReq);

							plan.add(accReqNew);

						}

				}

				else if(strOp.equalsIgnoreCase("Delete"))

				{

					AccountRequest accReqNew=new AccountRequest();

					accReqNew.setApplication(appName);

					accReqNew.setNativeIdentity(accReq.getNativeIdentity());

					accReqNew.setOperation(AccountRequest.Operation.Disable);

					plan.remove(accReq);

					plan.add(accReqNew);
					}

			}

		}

	}

	if(log.isDebugEnabled())

	{

		log.debug("COF Direct Branch BeforeProvisioning Rule:Final Plan:"+plan);

	}

	

}

mkumariaas · January 8, 2025, 9:10am

@autorun6464 some time if you trying to iterator the account request and remove it form plan in same for loop then it will give errors.
You can create new list for account request your want and then set in plan in the end.

autorun6464 · January 8, 2025, 10:31pm

Ok tried it with that method

List accountRequestsToRemove = new ArrayList();  

    List accountRequestsToAdd = new ArrayList();

accountRequestsToRemove.add(accReq);  

                        accountRequestsToAdd.add(accReqNew);

for (AccountRequest accReq : accountRequestsToRemove) {

        plan.remove(accReq);

    }

    for (AccountRequest accReqNew : accountRequestsToAdd) {

        plan.add(accReqNew);

    }

But now the whole account is being deleted even thou i remove only two of three roles

mkumariaas · January 9, 2025, 7:46am

you need to create new array List and that array list must contains all the account rewquest which you want to keep, dont include remove one.
The in the end plan.setAccountRequest(All accountRequest which neeed to be added).

autorun6464 · January 10, 2025, 7:15pm

yup worked. Thank you.

Topic		Replies	Views
Multiple entitlement Remove Error IIQ Discussion and Questions rules , identityiq	4	93	March 29, 2025
Multiple account Request in single provisioning plan IIQ Discussion and Questions rules , identityiq	1	143	May 25, 2025
Remove Roles without Application IIQ Discussion and Questions identityiq , provisioning , entitlements	2	43	October 6, 2025
Bussiness Role is not removed from the identity IIQ Discussion and Questions identityiq , roles	3	438	February 13, 2024
Role Removal - Disappearance from Access Request IIQ Discussion and Questions identityiq , provisioning , roles	15	93	March 11, 2026

Error removing Multple Role

Related topics