Issue in certification decide API

Hi Team,

Following API “https://cxxx-dev.api.identitynow.com/v3/certifications/53cxxxxxxx2276d88/decide” is not working as expected. If I give "APPROVE in below body it is working as expected but revoke is not working

{
        "id": "c250xxxxxxxxxxx84a195",
        "decision": "REVOKE",
        "bulk": true,
        "comments": "Leaver CH (593axxxxxxxxxxxx44b02))"
    }

I am receiving following response

{
    "detailCode": "400.1 Bad request content",
    "trackingId": "aaxxxxxxxxxxxxxxxxxxxxxe191d",
    "messages": [
        {
            "locale": "und",
            "localeOrigin": "REQUEST",
            "text": "Action \"REVOKE\" cannot be performed on {\"Irrevocable Role Items\":[\"c2501xxxxxxxxxxxxxxxxxxa195\"]}"
        },
        {
            "locale": "en-US",
            "localeOrigin": "DEFAULT",
            "text": "Action \"REVOKE\" cannot be performed on {\"Irrevocable Role Items\":[\"c250xxxxxxxxxxxxxxxxxxxxxxxxxxx195\"]}"
        }
    ],
    "causes": []
}

Thanks,
Harish G

Hey Harish!

Based off the response, it looks like you may be trying to revoke a Role that was automatically assigned. When Roles are automatically assigned to users based of criteria, they appear in certification campaigns, but they can only be acknowledged. In looking at the documentation for this endpoint, it looks like only APPROVE and REVOKE options are allowed, so I am thinking it interprets a role acknowledgement as an APPROVE.

Regardless, you would not be able to revoke an automatically assigned role that is included in your campaign through either the UI or the API. If you are just looking to close this campaign item, you would need to approve/acknowledge it and then evaluate the Role assignment criteria if this access is not something the user should have provisioned to them.

Please let me know if this helps!