jgruendike
January 29, 2024, 7:56pm
1
Version 8.3
I’m learning how to setup certifications. I have a population of accounts and simply want reviewers to decide if they should be disabled or not. If I configure an account certification, revocation deletes the entire account which isn’t what I want, how do I define what revoke actually does? I tried creating a rule that fires on the revocation stage so I can remove the entity from the certification, but the accounts are still deleted.
amishra97
January 29, 2024, 9:40pm
2
Hi @jgruendike
You can create a before provisioning rule for the application to change the operation from “Delete” to “Disable”.
In case of access revocation, the ‘source’ value on plan will be “Certification”.
if(plan!=null)
{
String source=plan.getSource();
if(source != null && source.equalsIgnoreCase("Certification"))
{
// Change the account operation here
}
}
return plan;
jgruendike
January 29, 2024, 10:19pm
3
This is great, I’ll look into this. Thank you
EDIT:
if (plan.getSource() != null && plan.getSource().equalsIgnoreCase("Certification")) {
for (AccountRequest accountRequest : plan.getAccountRequests()) {
if (accountRequest.getOp().equals(ProvisioningPlan.ObjectOperation.Delete)) {
accountRequest.setOp(ProvisioningPlan.ObjectOperation.Disable);
}
}
}
2 Likes
kjperkin
February 13, 2024, 7:16pm
4
Might I suggest the slightly neater:
if ("Certification".equalsIgnoreCase( plan.getSource())) {
for (AccountRequest accountRequest : plan.getAccountRequests()) {
if (accountRequest.getOp() == ProvisioningPlan.ObjectOperation.Delete) {
accountRequest.setOp(ProvisioningPlan.ObjectOperation.Disable);
}
}
}
The string literal is never null, so flipping the comparison is cleaner
ObjectOperation is an enum, so == can be used instead of equals.
system
April 13, 2024, 7:16pm
5
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.