How to remove the delete option for an app in accounts page of manage user accounts?

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hello,

how to remove the delete option for an application on the accounts page of manage user accounts quicklink. removing the delete from featuresString didn’t work.

TIA…

2

You can disable the account “Delete” option from the Gear Icon > Lifecycle Manager > Manage Account Options section, by unchecking the boxes for the desired operation. Unchecking the box for “My Actions” would prevent users from deleting their own accounts (via self-service), and unchecking the option from “Subordinate” would prevent users from deleting accounts on behalf of others. Unchecking both boxes, removes the “Delete” operation altogether.

image

However, currently this can only be done globally for all applications, and not on a per-application basis.

1 Like
3

Thanks @paulo_urcid, but we are looking for just one application. If an account request has delete operation for an application, what’s the best way to remove the account request from plan?

4

In that case you can use a BeforeProvisioning rule to modify the plan and remove or change the “delete” operation

5

There is an idea submitted for this feature to be implemented. You can vote on the idea here.

2 Likes
6

I tried removing the account request from plan using BeforeProvisioning rule but i’m getting the following error

ERROR Workflow Event Thread 10 sailpoint.provisioning.PlanEvaluator:2737 - sailpoint.tools.GeneralException: BeanShell script error: bsh.EvalError: Sourced file: inline evaluation of: ``   import sailpoint.object.ProvisioningPlan;   import sailpoint.object.Provision . . . '' unknown error: null :

Code

  List arList =  plan.getAccountRequests();
  for (AccountRequest ar : arList) {
    if ( ar.getOperation().equals(ProvisioningPlan.AccountRequest.Operation.Delete)) {
      plan.remove(ar);
    }
  }
7

I suggest that you add null-checks in the code to make sure objects are not null before calling their methods.

8

Java recommends methods that return a Collection should not return null, but return an empty collection instead.

SailPoint APIs don’t all follow that recommendation. Some of them will return null.

In this case, most likely plan.getAccountRequests() is null.

9

I would add much more debugging logging to make sure where it goes wrong.
Feels to me like the call to remove anything should be done on arList instead of plan.