How to remove inactive users from groups and revoke the access associated with that group?

Nivetha K1 · ‎11-23-2020

Hi All,

We've a requirement in our custom application "EDM" to revoke inactive user license based on groups. Please find the process of provisioning roles to users below and suggest some solution to invoke the access once that particular user profile is set to inactive.

We're working on a record producer where we have two important fields "Business owner" and "Technical owner". Once we fill these two fields and submit the request, users whom we've given as business owner and technical owner will be provisioned with below roles:

x_ecsr_edm.business_owner

x_ecsr_edm.texhnical_owner

But, current requirement is to revoke these roles as well as deleting the users from the edm groups once the user profile is set to active false and locked out.

I tried various scripts but none is working as expected using single script.

Can anyone help me with the best solution and process on how to achieve this?

Any feedback/suggestion would be highly helpful as our go live is nearing.

Thanks,

Nivetha K.

Mouli Praneeth · ‎11-23-2020

Hello Nivetha,

You can write a before BR as below and add conditions to suit your requirements

View solution in original post

Mouli Praneeth · ‎11-23-2020

Hello Nivetha,

You can write a before BR as below and add conditions to suit your requirements

Nivetha K1 · ‎11-23-2020

Hi @Mouli Praneeth ,

I tried the above mentioned BR but it is not working.

Do we need to specify any condition in BR?

Thanks,

Nivetha K.

Mouli Praneeth · ‎11-23-2020

In this case you need to write this BR on sys_user_grmember(as you want to run this rule during the removal of users from a group) not on sys_user table.

Replace the query line with userRole.addQuery('user', current.sys_id);