User Offboarding - identify Roles owned by user

Experts,

I have a use case to identify the Provisioning Role(s) owned by a user who is being offboarded/terminated.

I found the script below, which can be used to identify roles owned by a user, but this script returns only requestable roles. I would like to identify all roles owned by a user irrespective of whether they are requestable or not.

Appreciate your suggestions.

Alternatively, if you have another way to accomplish this use case, please feel free to share.

var targetFilter = {
  "targetFilter": {
    "operator": "EQUALS",
    "operand": {
      "targetName": "glossary.idx./role.roleOwner",
      "targetValue": "managed/user/" + userId
    }
  }
};

var results = openidm.action('iga/governance/catalog/search', 'POST', targetFilter, {});
1 Like

There are a few ways of determining all roles assigned to a user.
For example, the REST endpoint ./managed/user/_id?_fields=roles would return such an array.

Of course, this does not necessarily map to the “effective roles”. The REST endpoint ./managed/user/_id?_fields=effectiveRoles may be the better view.

Do see Effective roles and effective assignments :: IDM 7.5.0 for the complete description.

Cheers.

1 Like
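
The two reads from the answer above, combined into one script call and compared, as an added example that is not part of the original thread. It covers roles assigned to the user, as in the answer; it assumes the `openidm.read(resourceName, params, fields)` script function, passed in as `idm`, and the `sampleIdm` stub with its user and role ids is constructed so the block runs outside IDM.

```javascript
// Added example: compare a user's direct role grants with effectiveRoles
// before offboarding. Assumption: `idm` exposes read(resourceName, params,
// fields) like the `openidm` object available inside IDM scripts.
function refsOf(list) {
  // Relationship entries carry the target in `_ref`, e.g. "managed/role/<id>".
  return (list || []).map(function (r) { return r._ref; }).filter(Boolean);
}

function roleSummary(idm, userId) {
  var user = idm.read('managed/user/' + userId, null, ['roles', 'effectiveRoles']);
  if (!user) {
    throw new Error('user not found: ' + userId);
  }
  var direct = refsOf(user.roles);
  var effective = refsOf(user.effectiveRoles);
  return {
    direct: direct,
    effective: effective,
    // Granted on the user object but absent from the effective view.
    directNotEffective: direct.filter(function (r) { return effective.indexOf(r) === -1; }),
    // Present in the effective view without a matching direct grant.
    effectiveNotDirect: effective.filter(function (r) { return direct.indexOf(r) === -1; })
  };
}

// Constructed stub standing in for `openidm`; all ids below are sample values.
var sampleIdm = {
  read: function (resource, params, fields) {
    if (resource !== 'managed/user/u-123') { return null; }
    return {
      _id: 'u-123',
      roles: [
        { _ref: 'managed/role/hr-admin' },
        { _ref: 'managed/role/contractor' }
      ],
      effectiveRoles: [
        { _ref: 'managed/role/hr-admin' },
        { _ref: 'managed/role/employee' }
      ]
    };
  }
};

console.log(JSON.stringify(roleSummary(sampleIdm, 'u-123'), null, 2));
```

Inside an IDM script, pass the real `openidm` object in place of `sampleIdm`.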