and more in a single search tool across platforms. Read the announcement here. |
03/20/2024 05:36 AM
Hi,
We have an application where user can have only one entitlement . We have roles created for the application and added the entitlement. Now when an existing user is rasing the request for a new role (which has entitlements) it is getting provisioned successfully meaning, the existing entitlement User's account was having is being replaced by the entitlement added as part of role request . So now User is having Two roles but the users account has entitlement of only one role. This creates a mismatch in role user mapping, I have to remove the old role. How can I achieve that ?
Thank you
03/20/2024 09:41 AM
Can you check if the user has any entries in account_entitlements1 table with assignedfromroles populated with the rolekey of the Role that you are trying to deprovision?
03/20/2024 10:25 PM
Unfortunetly you can't clean up the entries from role_user_Accounts.
Role_user_Accounts must have double entries.
Try removing from Admin - Users - Roles