Recently I deployed an entitlement policy to provision a business role
which contains a permission role. Now a good portion of the accounts
have the same permission role showing up twice in the user portal
because the first was assigned, the second inherited.

I have created a rule but need some help to finish up the code. The
rule loops through the nrfAssignedRoles and nrfInheritedRoles attributes
to find a match on the component name "volume". The problem I'm having
is once I find a match, how do I remove that particular nrfAssignedRole?
It seem that remove source attribute value would be the logical choice?
Here is what I have so far, any help would be great.

<actions>
<do-for-each>
<arg-node-set>
<token-src-attr name="nrfAssignedRoles"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="vFoundMatch" scope="policy">
<arg-string>
<token-text xml:space="preserve">false</token-text>
</arg-string>
</do-set-local-variable>
<do-set-local-variable name="v_assigned_DoFor" scope="policy">
<arg-string>
<token-xpath
expression="$current-node/component[@name=&apos;volume&apos;]&#xd;&#xa;"/>
</arg-string>
</do-set-local-variable>
<do-for-each>
<arg-node-set>
<token-attr name="nrfInheritedRoles"/>
</arg-node-set>
<arg-actions>
<do-set-local-variable name="v_inherited_DoFor" scope="policy">
<arg-string>
<token-xpath
expression="$current-node/component[@name=&apos;volume&apos;]&#xd;&#xa;"/>
</arg-string>
</do-set-local-variable>
<do-if>
<arg-conditions>
<or>
<if-xpath
op="true">contains($v_inherited_DoFor,$v_assigned_ DoFor)</if-xpath>
</or>
</arg-conditions>
<arg-actions>
<do-set-local-variable name="$vFoundMatch$" scope="policy">
<arg-string>
<token-text xml:space="preserve">true</token-text>
</arg-string>
</do-set-local-variable>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>
<do-if>
<arg-conditions>
<and>
<if-local-variable mode="nocase" name="$vFoundMatch$"
op="equal">true</if-local-variable>
</and>
</arg-conditions>
<arg-actions>
<do-remove-src-attr-value name="nrfAssignedRoles">
<arg-value type="structured">
<arg-component name="volume">
<token-local-variable name="$current-node$"/>
</arg-component>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
<arg-actions/>
</do-if>
</arg-actions>
</do-for-each>
<do-veto/>
</actions>
</rule>
<rule>


--
johnbirkmeier
------------------------------------------------------------------------
johnbirkmeier's Profile: https://forums.netiq.com/member.php?userid=860
View this thread: https://forums.netiq.com/showthread.php?t=48251