We have written the policy to remove the role from UserApplication to current object.
<?xml version="1.0" encoding="UTF-8"?><policy>
<rule>
<description>Revoke AD and Exchange role</description>
<comment xml:space="preserve">Revoke the role AD and Exchange role when emptype change to inactive.</comment>
<conditions>
<and>
<if-class-name mode="case" op="equal">User</if-class-name>
<if-op-attr mode="nocase" name="cdsEmpType" op="changing-to">I</if-op-attr>
<if-src-dn op="in-container">~cdsActiveEmployees~</if-src-dn>
</and>
</conditions>
<actions>
<do-remove-role id="~cdsRoleAdministratorDN~" role-id="cn=AD0400,cn=ADRoles,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApp45,cn=DriverSet,ou=System,o=VCC" time-out="0" url="~cdsUserAppURL~">
<arg-password>
<token-named-password name="cdsRoleAdministratorPassword"/>
</arg-password>
<arg-string name="description">
<token-text xml:space="preserve">Revoke the role when employee terminated through Bulk Creation driver</token-text>
</arg-string>
</do-remove-role>
<do-remove-role disabled="true" id="~cdsRoleAdministratorDN~" role-id="cn=Exchange,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApp45,cn=DriverSet,ou=System,o=VCC" time-out="0" url="~cdsUserAppURL~">
<arg-password>
<token-named-password name="cdsRoleAdministratorPassword"/>
</arg-password>
<arg-string name="description">
<token-text xml:space="preserve">revoke the exchange role through Bulk Creation driver</token-text>
</arg-string>
</do-remove-role>
</actions>
</rule>
</policy>
Error message while executing the logic.
DirXML Log Event ------------------- Driver: \ABC\CDF\System\DriverSet\Services Channel: Subscriber Status: Error Message: Code(-9206) Error in vnd.nds.stream://VCC-CDS/VCC/System/DriverSet/Services/Subscriber/Revoke+AD+and+Exchange+roles#XmlData:13 : Couldn't requ est revocation of role: 'cn=AD0400,cn=ADRoles,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApp45,cn=DriverSet,ou=System,o=VCC' from identity 'CN= TPATTANA,
com.novell.nds.dirxml.soap.UserAppClientException: java.rmi.RemoteException: HTTP 401 [10/25/24 04:46:10.061]:Services ST:Policy returned: