
how to remove the roles assigned to user with status as 1536/1025

devaprakash_b
Active Contributor
0 Kudos

Hello experts,

Warm Greetings!!

I have encountered a situation where the user requested assignment of the role and immediately requested deassignment of the same role.

Actions performed:

  • I have tried removing the role from the IDM Standard UI and even from the Console using the attribute operator {e}, but the role is still not deleted.
  • Added the same role to the user as {Direct_reference=1}, but got an overlapping error as the role is already assigned to the user
  • Checked for orphan privileges, and no orphan privileges are available for that user
  • Checked the mcexecstate value for the user, and I found the status is 1536.

Please find the below screen shot regarding the role assignment status for the user

In some earlier posts I believe I have seen someone suggesting to change the mcexecstate to 1, then reconcile the user assignments, and then remove the role.

If the above solution needs to be implemented, then which record do I need to update in the mxi_link table? Is it only the record with status 1536?

Can you kindly help me in this scenario.

thanks in advance.

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi DP,

Did you reconcile the role in IDM?

Normally a role with status 1536/1025, if reconciled, would get removed automatically.

Before and after reconciliation of role, check if mcorphan = 1 or 0 if role does not get removed from the user.

If this does not work, then run below query and see if it works.

update mxi_link set mcdelaudit=NULL,mcchecklink=sysdate,mcexecstate in (1536,1025) where mcthismskey=<usermskey> and mclinktype=2 and mclinkstate<2 and mcothermskey=<rolemskey> ..

Regards,

Pradeep

jaisuryan
Active Contributor
0 Kudos

Hi DP,

Have you tried to remove using the linkid?

1) Get the link ID of the assignment from view idmv_linkaudit_basic

2) In toIdentityStore pass, it should be like {d}{linkid=xxxx}<priv or role name>

Kind regards,

Jai