I want to create a certification for accounts but not delete them

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

I’m learning how to setup certifications. I have a population of accounts and simply want reviewers to decide if they should be disabled or not. If I configure an account certification, revocation deletes the entire account which isn’t what I want, how do I define what revoke actually does? I tried creating a rule that fires on the revocation stage so I can remove the entity from the certification, but the accounts are still deleted.

Hi @jgruendike

You can create a before provisioning rule for the application to change the operation from “Delete” to “Disable”.

In case of access revocation, the ‘source’ value on plan will be “Certification”.

if(plan!=null)
{
	String source=plan.getSource();
	
	if(source != null && source.equalsIgnoreCase("Certification"))
	{
        // Change the account operation here 
    }
}
return plan;

This is great, I’ll look into this. Thank you

EDIT:
This solution worked. Here’s what I used specifically for the before provisioning app rule:

if (plan.getSource() != null && plan.getSource().equalsIgnoreCase("Certification")) {
        for (AccountRequest accountRequest : plan.getAccountRequests()) {
            if (accountRequest.getOp().equals(ProvisioningPlan.ObjectOperation.Delete)) {
                accountRequest.setOp(ProvisioningPlan.ObjectOperation.Disable);
            }
        }
}

Might I suggest the slightly neater:

if ("Certification".equalsIgnoreCase( plan.getSource())) {
  for (AccountRequest accountRequest : plan.getAccountRequests()) {
    if (accountRequest.getOp() == ProvisioningPlan.ObjectOperation.Delete) {
      accountRequest.setOp(ProvisioningPlan.ObjectOperation.Disable);
    }
  }
}

1. The string literal is never null, so flipping the comparison is cleaner
2. ObjectOperation is an enum, so == can be used instead of equals.