Remove Resource

Initiates a request to the Roles Based Provisioning Module (RBPM) to revoke the specified resource (in the Resource DN field) from the specified user (in the Authorized User DN field). This field is only available if the Identity Manager server version is set to 4.0.2 or later. You can specify optional arguments to the resource assignment request by using the <arg-string> argument. If a policy containing this action encounters an error, Designer generates the error as the local variable error.do-remove-resource. For more information about local error variables, see Local Variable Selector.

Fields

Resource DN

Specify the name of the resource to revoke, in LDAP format. Supports variable expansion. For more information, see Variable Selector.

User Application URL

Specify the URL of the User Application server hosting the Roles Based Provisioning module. Supports variable expansion. For more information, see Variable Selector.

Instance GUID

Specify the ID of the resource assignment for users for revoking a single instance of a multivalued resource. If you do not specify any value, all the instances of the resource are revoked. Supports variable expansion. For more information, see Variable Selector.

Authorized User DN

Specify the name of the user authorized to request the resource assignment, in LDAP format. Supports variable expansion. For more information, see Variable Selector.

Timeout Value

Specify the number of milliseconds you want Identity Manager to try to establish a connection to the User Application server before timing out. The default value is 0.

Password

Specify the authorized user password. You can enter a clear text password (not recommended) or use the Argument Builder to specify a Named Password.

Object

Select the target object type. This object can be the current object, or can be specified by a DN or an association.

DN or Association

Select the DN or association as the target object.

Strings

(Optional) Specify additional argument strings for the Resource assignment request. You can enter the strings manually, or select the Edit the Strings icon to open the Named String Builder and specify the strings. For more information about the Named String Builder, see Named String Builder.

The Remove Resource action supports the following string arguments:

String Name	Description
description	A description of the reason for the request used for auditing and (if necessary) approval purposes. Default: Request generated by policy.
CorrelationID	An identifier to correlate the resource revocation process. Default: Operation event Correlation ID If no value is specified for the argument, it uses the default value. NOTE:This string argument is not available in the Policy Builder user interface of this version.
EntitleParamKey	Specifies the value of the entitlement which needs to be removed in JSON format.

String Name

Description

description

A description of the reason for the request used for auditing and (if necessary) approval purposes.

Default: Request generated by policy.

CorrelationID

An identifier to correlate the resource revocation process.

Default: Operation event Correlation ID

If no value is specified for the argument, it uses the default value.

NOTE:This string argument is not available in the Policy Builder user interface of this version.

EntitleParamKey

Specifies the value of the entitlement which needs to be removed in JSON format.

Example

In the following example, for the “remove resource” action, provide values for all parameters including Instance guid. Create a parameter called EntitleParamKey in the Specify Strings field. The value of this field is the name of the entitlement which is to be removed in JSON format.