Rejoiner for roles where it was previously removed by Leaver LCM

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

I have a use case whereby a staff member has rejoined the organization after leaving. Previously, when the staff member left, the assignment roles were removed by Leaver LCM.

Thereafter, when the user rejoined, the roles were not automatically added back when running Identity Refresh. I understand that when roles are manually removed, they can't be added back by the assignment again. Is there anyone who has a solution for how this can be solved? Is removing them from the XML the only way to clean up, and what can be done for future cases?
This is currently in the user's XML.

    <RoleAssignment assigner="xxx" assignmentId="bf64cbac8bdd4beda4665fa0e9ea266d" date="1726930920402" negative="true" roleId="64494f568d821f0b818d82bf2eb40047" roleName="xxx Birthright" source="RapidSetup"/>
    <RoleAssignment assigner="xxx" assignmentId="78826fab4ff74380a1c0f6ddbcd01ba5" date="1726930920402" negative="true" roleId="64494f358e5c1067818e5c20e0550055" roleName="xxx Staff Birthright" source="RapidSetup"/>
    <RoleAssignment assigner="xxx" assignmentId="53fbd34ad44a49a9b013bcd2f6a88735" date="1726930920402" negative="true" roleId="0af405f7905f168f81905fa6c0bc0025" roleName="xxx Birthright" source="RapidSetup"/>

Hi Andy,

Please refer to this discussion thread for the solution suggested there:

Thanks,
Pallavi

Is there any way to do a cleanup through a rule to remove those XML entries that have the negative tag?

I tried to query the RoleAssignment class or Assignment class using context.getObjectById with the assignment ID, but I get this exception: Exception running rule: The application script threw an exception: sailpoint.tools.GeneralException: Unable to locate persister: sailpoint.object.RoleAssignment
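An added example, not part of the original thread and not SailPoint's own code: a BeanShell rule body that removes negative role assignments by going through the Identity. RoleAssignment entries are stored inside the Identity XML, as in the snippet above, not as standalone objects, which is why `context.getObjectById` has no persister for them. The identity name, the `RapidSetup` source filter and the `reportOnly` switch are assumptions for illustration; `context` is the variable IdentityIQ supplies to rules.

```java
// Added example: IdentityIQ BeanShell rule body (run from the debug page
// or a Run Rule task). "context" is injected by IdentityIQ.
import java.util.ArrayList;
import java.util.List;
import sailpoint.object.Identity;
import sailpoint.object.RoleAssignment;

// Assumption: placeholder identity name; replace it or pass it as a rule argument.
String identityName = "REPLACE_WITH_IDENTITY_NAME";
// Assumption: only clean up negatives written by the RapidSetup leaver, so that
// deliberate revocations from other sources stay in place.
String expectedSource = "RapidSetup";
// Leave true for a dry run that only reports what would be removed.
boolean reportOnly = true;

List removed = new ArrayList();
Identity identity = context.getObjectByName(Identity.class, identityName);
if (identity == null) {
    return "Identity not found: " + identityName;
}

// Read the assignments from the Identity instead of querying
// RoleAssignment as if it were a persisted class.
List assignments = identity.getRoleAssignments();
if (assignments != null) {
    // Iterate over a copy because removeRoleAssignment changes the list.
    for (Object o : new ArrayList(assignments)) {
        RoleAssignment ra = (RoleAssignment) o;
        if (ra.isNegative() && expectedSource.equals(ra.getSource())) {
            removed.add(ra.getRoleName() + " (" + ra.getAssignmentId() + ")");
            if (!reportOnly) {
                identity.removeRoleAssignment(ra);
            }
        }
    }
}

// Persist only when something was actually changed.
if (!reportOnly && !removed.isEmpty()) {
    context.saveObject(identity);
    context.commitTransaction();
}
return (reportOnly ? "Would remove: " : "Removed: ") + removed;
```

Once the negative entries are gone, the next Identity Refresh with role assignment enabled can evaluate the assignment rules for those roles again. Review the dry-run output first, since the negative flag is what keeps a revoked role from being reassigned automatically.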
