Initiates a request to the Roles Based Provisioning Module (RBPM) to revoke the Role specified by role-id from an Identity.
The target Identity is specified by either <arg-dn> or <arg-association> if specified or by the current object otherwise. If specified by <arg-dn>, the DN must in LDAP format. The request is made to the RBPM enabled User Application server specified by url using credentials specified by id and <arg-password>. Additional optional arguments to the Role assignment request may be specified by the following named <arg-string>s.
If any type of error occurs while requestion the role assignment, the error string is available to the enclosing policy in the local variable named error.do-remove-role. Otherwise that local variable is not available.
<do-remove-role id="cn=RoleAdmin,o=People" url="http://localhost:8080/IDMProv" role-id="cn=Contractor,cn=Level30,cn=RoleDefs,cn=RoleConfig, cn=AppConfig,cn=UserApplication,cn=DriverSet,o=novell"> <arg-password> <token-named-password name="role-admin"/> </arg-password> <arg-string name="description"> <token-text>Requested by policy because isContractor attribute set to false</token-text> </arg-string> </do-remove-role>
( arg-password, (arg-dn | arg-association ) ? , arg-string * )
Element |
Description |
---|---|
Actions that are performed by a <rule>. |
|
Association argument. |