hello everyone
I’m trying to create a rule capable of remove an entitlement from an account, i’m using the following code below:
public String provisionFti(Identity identity, String ma, String op)
{
String type = "racfConnectGroupName";
String operation = op;
String application = "CPUA RACF LDAP";
String value = ma;
ProvisioningPlan plan = new sailpoint.object.ProvisioningPlan();
plan.setIdentity(identity);
plan.setSource("LCM");
plan.setComments("Adicionado via RITM " + ritm);
AccountRequest acctReq = new AccountRequest();
acctReq.setApplication(application);
Map map = new HashMap();
AttributeRequest attributeRequest = new AttributeRequest();
String msg = "";
if(operation.equalsIgnoreCase("Add"))
{
map.put("operation", "Add" );
attributeRequest.setOp(ProvisioningPlan.Operation.Add);
}
if(operation.equalsIgnoreCase("Remove"))
{
map.put("operation", "Remove" );
attributeRequest.setOp(ProvisioningPlan.Operation.Remove);
msg = "Funcao removida para a identidade";
}
Attributes att = new Attributes(map);
acctReq.setArguments(att);
attributeRequest.setValue(value);
attributeRequest.setName(type);
acctReq.add(attributeRequest);
plan.add(acctReq);
Provisioner provisioner = new Provisioner(context);
provisioner.execute(plan);
TaskResult task = new TaskResult();
provisioner.saveResults(task);
ProvisioningProject project = provisioner.getProject();
List<Message> listMsgs = project.getErrorMessages();
if(!listMsgs.isEmpty()){
for(Message listMsg : listMsgs){
msg = listMsg.getMessage();
}
}
return msg;
}
When I execute the rule through debug mode, it runs ok and in the Administrator console shows that it was a success
When i check on the identity account, the entitlement was not removed. I also tried to run refresh identity, performs, aggregation, but still doesn’t work.