The search query fetching data might be a definition issue. The real problem would be:
Note: The revocation of a role is possible only for those roles which are not granted through Birthright and RBAC.
Assigning identities in the role is automated provisioning; we cannot revoke this access through Manage Access.
The alternative is to change the role definition:
- Get Role Data [API]
- Iterate a loop over the identities assigned to the role
  - Inside the loop, check if the current identity is not the same as selectedIdentity
  - If the above condition is true, PATCH assigned identities to this role
  - If false, end the step
The above process will keep patching the role composition with identities which are not the selectedIdentity. This way we can revoke/modify the role.
However, this will increase the complexity of the workflow, and I cannot see another way.
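The loop described in the post above, as an added example that is not part of the original post and is not SailPoint's own code: it computes the role's new identity list and builds a single JSON Patch body instead of patching once per iteration. The role field names (`membership.type`, `membership.identities`), the `/membership` patch path, and the sample role are assumptions constructed for illustration.

```python
import json

# Constructed sample of a role as returned by "Get Role Data"; the field names
# (membership.type, membership.identities) are assumed, not taken from the post.
SAMPLE_ROLE = {
    "id": "role-0001",
    "name": "Constructed Example Role",
    "membership": {
        "type": "IDENTITY_LIST",
        "identities": [
            {"type": "IDENTITY", "id": "id-alice", "name": "Alice"},
            {"type": "IDENTITY", "id": "id-bob", "name": "Bob"},
            {"type": "IDENTITY", "id": "id-carol", "name": "Carol"},
        ],
    },
}


def build_membership_patch(role, selected_identity_id):
    """Return a JSON Patch body that drops selected_identity_id from the role,
    or None when no PATCH should be sent."""
    membership = role.get("membership") or {}
    # Criteria-based membership has no identity list to edit; changing it
    # means changing the criteria, which this helper does not attempt.
    if membership.get("type") != "IDENTITY_LIST":
        return None
    current = membership.get("identities") or []
    kept = [i for i in current if i.get("id") != selected_identity_id]
    # Identity is not a member: skip the PATCH so the workflow ends the step.
    if len(kept) == len(current):
        return None
    new_membership = dict(membership, identities=kept)
    # One replace of the whole membership object instead of one PATCH per
    # loop iteration, so the role is never left half-updated.
    return [{"op": "replace", "path": "/membership", "value": new_membership}]


def removed_ids(role, patch):
    """IDs the patch would remove; log this before sending for an audit trail."""
    before = {i["id"] for i in role["membership"]["identities"]}
    after = {i["id"] for i in patch[0]["value"]["identities"]}
    return sorted(before - after)


if __name__ == "__main__":
    patch = build_membership_patch(SAMPLE_ROLE, "id-bob")
    print(json.dumps(patch, indent=2))
    print("removed:", removed_ids(SAMPLE_ROLE, patch))
```

Checking `removed_ids` before the PATCH is sent confirms that exactly one identity is dropped, which guards against a filter bug stripping other members from the role.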