Workflows: Action "Manage Access"

Hi all,

In a workflow I’m using the action “Manage access” to remove access profiles.
The removing fails with the follwowing error:

request failed: 400 - 400 Bad Request: The following access item(s) 
cannot be revoked from identity ("12a2f4149a1d46cba0f91b1baa7ea028"): 2c9180857f9092b8017f97c2cdb20f92. 
(type: HTTP Response Returned a Client Error, retryable: false): request failed: 400 - 400 Bad Request

It happens that 2c9180857f9092b8017f97c2cdb20f92 is the id of an access profile belonging to a role.
I think this is a misbehaviour because in “Manage Access” are present two check boxes one for the roles and one the access profiles.
If I check only the access profile for removing should be removed only the access profiles not belonging to roles

If the access profile is a part of a role, and the identity in question has that role assigned to them, then it makes sense that you can’t revoke the access profile. That would defeat the purpose of the role.

Hello Colin,

You’re right, the first thing to do is removing the roles and then, after a while, removing the aps.
Just a question: the maximum number of roles or aps from the action “manage access” is 50 or 250?