Oracle ERP - Remove Roles and Data Access

vijaylca · April 4, 2025, 1:40pm

Hi Everyone,

We are integrating Oracle ERP application using Sailpoint’s Oracle ERP cloud connector.
When someone is terminated, we would like to do the following

Disable and lock their Oracle ERP account
Remove their roles and data access (for seeded roles and custom roles)

To disable an account, I should be able to do it through identity profile → Provision tab → LCS → Disable Account and choose Oracle ERP source

But I need some guidance and help with below

Lock the oracle ERP Account
Remove their roles and data access (for seeded roles and custom roles)

Thanks
Vijay

vishal_kejriwal1 · April 4, 2025, 2:07pm

you can use standard BPR to perform this operation on disable operation you can call remove all entitlements and lock the account
ask sailpoint to upload standard bpr for your tenant

below is the sample

{
    "eventActions": [
        {
            "Action": "UpdateAttribute",
            "Attribute": "<<lockattribute>>",
            "Value": "true"
        },
        {
            "Action": "RemoveEntitlements",
            "Attribute": "<<ent tye>>",
            "Value": null
    }
    ],
    Identity Attribute Triggers": [
        {
            "Attribute": "cloudLifecycleState",
            "Value": "terminate",
            "Operation": "eq"
        }
    ],
    "Operation": "Enable"
}

vijaylca · April 6, 2025, 12:04am

@vishal_kejriwal1, that worked like a charm. Thank you very much.