Hello,
I’m currently using the Web Services Connector and have configured Add Entitlement and Remove Entitlement operations.
Roles include entitlements, and I’m using Standard Criteria so that entitlements are automatically granted or revoked when users change departments.
In general, when entitlements are granted alone—or when grant and revoke operations happen sequentially—both Add and Remove operations work correctly.However, when a department change triggers grant and revoke at the same time, something strange happens:
In the UI, everything looks correct.
Add Entitlement
AttributeValue: TEST_addRemove Entitlement
AttributeValue: TEST_RemoveBut when I inspect the payload using an AfterOperation Rule, the actual request looks wrong:
The connector sends both Add and Remove operations for TEST_add,
And TEST_Remove is never processed at all.
As a result, the managed system ends up with incorrect entitlement updates.
It seems like the provisioning plan is merging or overriding the Remove operation, but I can’t figure out why.
Has anyone seen this behavior before or knows why this happens when Add and Remove occur simultaneously?
Any insight would be greatly appreciated.
Please consider addressing the following when creating your topic:
- What have you tried?
- What errors did you face (share screenshots)?
- Share the details of your efforts (code / search query, workflow json etc.)?
- What is the result you are getting and what were you expecting?