Hello everyone,
I’m looking to clean up the account schema of a new source to keep only the attributes we use. But there are 2 that I can’t delete with the following message:
Unable to delete attributes “xyz” because it is referenced by “attribute sync configuration”.
Field “xyz” is mapped to identity attribute “abc” by the default identity profile mapping for this source type.
I’ve looked at all the identity profiles, the “Attribute Sync” block and I can’t find any reference to my attributes anywhere.
PS: these are phone number attributes, not attributes linked to entitlements.
Hi @dblanchard
Have you tried to remove the mapping on the Identity Profile for field xyz and then try to delete the attribute on the source again?
In addition to that, check any other sources attribute sync config like AD for example where you potentially are synching the Phone number attribute referencing the Identity Attribute which is mapped to xyz.
Hi @Irshaad_Laher_WS,
I don’t have any identity profiles referencing this source (I just created it) so I don’t know what to delete. The message seems to say “default identity profile”.
I’ve also looked on other sources but I can’t find any real information about this famous field.
I’ve done the test of creating the source and trying to delete this account attribute directly, but the result is similar.
I just don’t understand what the error message means by “default identity profile mapping for this source type”.
Ps : the source type is Azure Active Directory
IdentityNow enforces certain restrictions on deleting identity attributes.
Hi @TJ211,
My understanding is that this is an account attribute from a direct source, not an identity.
In principle, no problem if it goes against the rules. But I can’t read anywhere the reason for this non-deletion.
I’ll go even further: these fields may contain personal data stored in Azure that we don’t want other teams to read. Not allowing these fields to be deleted, and therefore not aggregating this data, can be quite problematic.
Hi @dblanchard ,
You can always modify the Attribute sync configuration though it shows all the Create Policy attributes to ensure only needed ones are present using the API.
I faced the similar issue earlier. I have reset my accounts to empty using VS, you can also do that other ways and then removed the attributes from Schema such that the dependency is not there. Also, make sure these attributes do not have reference in correlation or provisioning policies as well.
Regards,
Uday Kilambi
I agree VS makes it easier to read and modify sometimes.
Thanks for your answers !
I’ve already emptied the attribute synchronization block because this source is only supposed to retrieve data via aggregation.
And so via GUI or with the API call: GET, I have empty data.
I’m wondering: did I clean up the sync attribute incorrectly, and are the dependencies still present? But when I recreate a fresh new source, there’s no reference to the telephoneNumber or Mobile attributes in the synchronized attributes.
hi @dblanchard are you still having this error? Were you able to get around it and delete the attributes?
@dblanchard you need to update schema using API.
V3 APIs | SailPoint Developer Community
- Take backup of existing source schema
- Delete the schema from source using delete schema API
- Upload new schema which has only those attributes that you are using.
- Please note that the attribute you want to delete does not have any attribute which is “accountName” or “id” of the source.
Let me know if this helps.
Thanks,
Vaibhav
Hi,
Thank you for your response; the actions were effective.
The method is a bit “aggressive” but efficient.
@jfinley I did not push my tests to the maximum after the actions, but it should work now thanks to the response from @vdivakar
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.