When you disable accounts via provisioning, you can remove any associated entitlements at the same time.
When this scenario is required, is it possible to have a variable number of entitlements based on the account being disabled without creating a before provisioning rule - meaning configuration in the UI only in such a way that each instance of entitlement is repeated as specified in the XML scheme?
For example, a user has 3 entitlements, 1,3,6
We need to send a disable body that looks like this: (897 is a disable)
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tran="http://transferobjects.webservices.security.somedomain.com" xmlns:tran1="http://transferobjects.webservices.common.somedomain.com">
<soapenv:Header/>
<soapenv:Body>
<tran:UpdateUserRequest>
<tran:strUserID>USERACCOUNTNAME</tran:strUserID>
<tran:ActiveFlagCode>897</tran:ActiveFlagCode>
<tran:RemoveAssignedRolesList>
<!--Zero or more repetitions:-->
<tran:intRoleID>1</tran:intRoleID>**
<tran:intRoleID>3</tran:intRoleID>**
<tran:intRoleID>6</tran:intRoleID>**
</tran:RemoveAssignedRolesList>
</tran:UpdateUserRequest>
</soapenv:Body>
</soapenv:Envelope>
Hi @rmccoy-unum,
This question might be better answered by the community in the ISC Discussions and Questions category. I can move this post there, but since you shared a code sample, I wanted to ask before I did so.
-Josh