Skip to Content

Remove action

I have noticed a REMOVE action under Request Type configuration. What does this action do? Remove all roles? Allow the request to show the REMOVE provisioning action?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Feb 11 at 10:45 PM

    Hi Matthew

    I've had a bit of a search of the code to see this. So far, it's looking like the action for remove is relating to FF Id, SOD, and UAR review processes (i.e. 3 MSMP workflows for access reviews) where the risk/role to user is flagged as REMOVE action. I suspect it also applies to an access request where the existing roles can be set to remove as well (but for access requests like request type 002 change user, I'm wondering if assign object is picking up these scenarios). Also, User Reaffirm process might use it as for remediation purposes.



    Bit more reading and it looks like HR trigger will use the 009 remove as well. Looking at note: 1728790 it looks like making sure expired roles on positions didn't appear in status retain. IdM uses the 006/009/010 for Assgin/Remove/Retain Roles - seems to be the frequent layout for provisioning options for roles.


    Got me a bit curious now to map it out (another item for my invisible list).



    I'm not sure if you can create a request type with action remove to empty all roles from a use as part of account deactivation process.

    Add comment
    10|10000 characters needed characters exceeded