Rule for removing entitlement from the target application

3 Kudos

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Rule PUBLIC "sailpoint.dtd" "sailpoint.dtd">
<Rule language="beanshell" name="TestingRUle-NG">
<Description>This rule is used to validate the Field values on a provisioning plan.</Description>
<Signature returnType="Object"/>
<Source>

import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.ObjectRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.api.Provisioner;

ProvisioningPlan plan = new ProvisioningPlan();
List objreqs = new ArrayList();
String GroupName = "Test-APP-sukhfixedi";

//String baseDN = ",OU=groups,OU=Test,OU=Units,DC=company,DC=net";
ProvisioningPlan.ObjectRequest or = new ProvisioningPlan.ObjectRequest();
or.setOp(ProvisioningPlan.ObjectOperation.Delete);
// or.setNativeIdentity("cn=" + GroupName + baseDN);
or.setNativeIdentity(GroupName);
or.setApplication("Flat File Application");
or.setType("Group");
objreqs.add(or);
plan.setObjectRequests(objreqs);

Provisioner ps = new Provisioner(context);
ProvisioningProject pr =ps.compile(plan);
ps.execute(pr);
//return ps.getProject();
//return plan;
</Source>
</Rule>

shamalas · ‎Aug 14, 2023

Hi,

I have a case in, There are many pending roles and entitlements(AD/Azure AD Groups) left in most of the terminated identities with various reasons, I have to remove those roles and entitlements (except AD domain entitlement CN=Domainusers,cn=domain,cn=com) for the list of given terminated users. If anyone has that rule please provide it. Thanks.

Rule for removing entitlement from the target application

Rule for removing entitlement from the target application

Entitlements

Rules