Share all details related to your problem, including any error messages you may have received.
Background :
I have few business roles with assignment logic that can assign to the user dynamically when refresh task executes for the user.
I am scheduling a targeted role certification, where reviewer can revoke the business roles for an user.
ASK:
Looking for an option in IIQ, on business roles revocation during certification which has Assignment logic and that should not assign back to user even after Refresh Task is executed for the user ?
The negative=“true” is added when the role is revoked from a certification. This is to prevent the role from reassignment in identity refresh. This is done by the logic in identity refresh to specifically ignore the role assignment with negative=“true”.
Please validate if the same happening in your case.
I think this need to be done with care . I would say you should revisit the design and requirement that ;do you want to do the review of the access which is given though some assignment criteria .
valid point, generally we would not keep the Roles that have assignment rule defined as part of he Certification process. Generally, we exclude Birthrights and Business Roles with Assignment Rule in the UARs.