- Post History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 08-02-2022 09:33 PM
Scenario
If a user account is terminated, we want to make sure the roles/groups that user belong to get removed too. There are couple of ways this can be achieved,
1 - Run using Business Rule when account changes inactive run script and remove roles and group.
2 - Trigger flow either as a schedule job, or as part of the user termination flow that disabled the user account in the first place.
Problem
The problem with second approach is, user can be removed from group and roles that are directly assigned but leaves the roles that a user has inherited possibly because of assignment groups/groups user was member of.
Solution
The solution to this problem is attached in the screenshot below, the trick is to grab all roles user is memberof, set inherited to false, wait for few seconds and then look up user roles again and run step to remove roles, and it works like a treat.
- 3,273 Views
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
@Nasir1 Was this (sub)flow run as user who initiated/system/admin?