How to remove roles from the user using workflow?

Hi All,

I want to remove all non Birthright roles assigned to the user during the termination. I have tried manage Access in the workflow but it was throwing 400 bad request error. Also tried with submit access request api call to remove the role but before that I have used search to get the Revocable:true and passing the role id into the loop.

Inside the loop I have configured the submit access request api call where I have passed the identity and requested items field I have given the role id and type as role but it throws same error 400 bad request.

I don’t know what I missing here, any help would be appreciated.

Thanks,
Shantha Kumar

Can you check whether you are able to revoke the access from the Role via UI?

Sometimes it throw 400 error when there were pending tasks for the access items or for the identity and those are not listed in the pending-tasks api.

Hi

Share us the error logs from workflows.so we can check and let you know the issue.

Best Regards,
Siva.K

I think you’re passing the entire identity object instead of just the ID. Can you just check?

This is what i configured in ISC.

image592×520 33.4 KB

image1227×516 49.5 KB

image1230×476 30.7 KB

In HTTP Request this is what i have given as input:

{“requestType”:“REVOKE_ACCESS”,“requestedFor”:[“{{$.loop.context.id}}”],“requestedItems”:[{“comment”:“Remove Role on termination”,“id”:“{{$.loop.loopInput}}”,“type”:“ROLE”}]}

The same i have tried in API postman it was removing the role.

This is the error i have get in the workflow.

{“error”:“task failed: activity error (type: sp:external:http:v2, scheduledEventID: 5, startedEventID: 6, identity: 1@sp-workflow-worker-stg-us-east-1-7457c9fb94-rjgqv@sp-workflow-engine): request failed (type: HTTP Response Returned a Client Error, retryable: false): request failed: 400 - 400 Bad Request - {"detailCode":"400.1.404 Referenced object not found","trackingId":"4e017f2cb89a482f9932c4599644ff56","messages":[{"locale":"en-US","localeOrigin":"DEFAULT","text":"Referenced RequestedFor Identity/Identities {{$.loop.context.id}} was/were not found."},{"locale":"und","localeOrigin":"REQUEST","text":"Referenced RequestedFor Identity/Identities {{$.loop.context.id}} was/were not found."}],"causes":}”,“workflowId”:“74ef4321-3339-4d6b-b06a-eb9359d1a339-2”}

`

Hi @Santhakumar,

Can you share your WF JSON here.

Also, if it is a termination scenario, the BR roles are expected to be revoked during the processing right.? If that’s the case, you can add a wait of 5 or 10 minutes for the processing to complete so that only the revocable roles would remain. So you don’t have to look only for the revocable ones.

@Santhakumar

Can u share the loop context part ?

I have resolved the workflow.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.