Nasir1
Tera Expert

Scenario

If a user account is terminated, we want to make sure the roles and groups that user belongs to are removed too. There are a couple of ways this can be achieved:

1 - Use a Business Rule: when the account changes to inactive, run a script that removes the roles and groups.

2 - Trigger a flow, either as a scheduled job or as part of the user termination flow that disabled the user account in the first place.

Problem

The problem with the second approach is that the user can be removed from the groups and roles that are directly assigned, but the roles the user has inherited remain, possibly because of the assignment groups/groups the user was a member of.

Solution

The solution to this problem is shown in the screenshot below. The trick is to grab all the roles the user is a member of, set inherited to false, wait for a few seconds, then look up the user's roles again and run a step to remove them, and it works like a treat.

[Screenshot: the flow described above]
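A scripted form of the two-pass flow described above, as an added example that is not part of the original article. It assumes the standard `sys_user_has_role` table with its `user` and `inherited` fields; `stripUserRoles` and `FakeGlideRecord` are hypothetical names, and the flow's wait step between the passes is not reproduced.

```javascript
// On an instance, pass the platform's GlideRecord as GR. FakeGlideRecord is a
// constructed in-memory stand-in so the logic can be exercised offline.
function stripUserRoles(GR, userSysId) {
  // Pass 1: clear the inherited flag on every role row for the user.
  var gr = new GR('sys_user_has_role');
  gr.addQuery('user', userSysId);
  gr.query();
  while (gr.next()) {
    gr.setValue('inherited', false);
    gr.update();
  }
  // Pass 2: look the rows up again and delete them.
  var removed = 0;
  gr = new GR('sys_user_has_role');
  gr.addQuery('user', userSysId);
  gr.query();
  while (gr.next()) {
    if (gr.deleteRecord()) removed++;
  }
  // Verification: count what is left; anything above 0 needs review.
  var check = new GR('sys_user_has_role');
  check.addQuery('user', userSysId);
  check.query();
  var remaining = 0;
  while (check.next()) remaining++;
  return { removed: removed, remaining: remaining };
}

// Constructed sample rows: u1 holds one direct and one inherited role.
var ROWS = [
  { user: 'u1', role: 'itil', inherited: false },
  { user: 'u1', role: 'approver_user', inherited: true },
  { user: 'u2', role: 'itil', inherited: false }
];
function FakeGlideRecord(table) { this.q = {}; this.hits = []; this.cur = null; }
FakeGlideRecord.prototype = {
  addQuery: function (f, v) { this.q[f] = v; },
  query: function () { var q = this.q; this.hits = ROWS.filter(function (r) {
    return Object.keys(q).every(function (k) { return r[k] === q[k]; }); }); },
  next: function () { this.cur = this.hits.shift() || null; return this.cur !== null; },
  setValue: function (f, v) { this.cur[f] = v; },
  update: function () { return true; },
  // Models the behaviour described above: inherited rows are left in place.
  deleteRecord: function () { if (this.cur.inherited) return false;
    ROWS.splice(ROWS.indexOf(this.cur), 1); return true; }
};
```

A non-zero `remaining` value after a termination run is worth logging, since it means the account still holds roles.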

Comments
AlicePD
Tera Contributor

@Nasir1 Was this (sub)flow run as user who initiated/system/admin?

Version history
Last update: 08-02-2022 09:33 PM