Share all details related to your problem, including any error messages you may have received.
I have a JDBC Application.
It consists of user,user_role table.
But there is one problem.
If i delete a entitlement when there is only one entitlement , the entitlement will be deleted from the Entitlements tab of the Identity details screen and also from the Application Accounts tab.
In the real DB, User is not deleted, but user_role is deleted.
I only want to delete entitlement, but even the account has been deleted from the screen.
My getObjectSQL : select user_id,name,email,role_id from user a,user_role b WHERE a.user_id=b.user_id AND a.user_id=‘$(identity)’
First of all, I would suggest you change getObjectSQL as @officialamitguptaa mentioned and also change SQL Statement to as below.
select user_id,name,email,role_id from user a left join user_role b on a.user_id=b.user_id ;
This will make sure that user is not removed even if the role doesn’t exist during aggregation.
Couple of things I noticed while I was skimming through was, the code is fetching name, email, user_id etc from plan but I didn’t find any provisioning policy for the same.
Secondly, you are considering multiple add role request in your code but multiple role remove request was not checked. It was not looking for a list instance and taking action on remove.
Please let us know if you are still facing issues.
The entitlement has been deleted from the actual DB, but remains on the IIQ screen.
This could be a normal sync issue with IIQ.
Have you tried to run the AccountAggregation-Task for your connector, after your change?
We have similar cases and the identites are in sync, after AccountAggregation was running.
In LCM workflow exists a “doRefresh” flag, but without traceable impact