Delete Access Governance Suite accounts non-programmatically

  • 7011070
  • 13-Dec-2011
  • 19-Oct-2012

Resolution

Sometimes it may be useful to be able to delete accounts without introducing new code. This might be necessary if code to process the desired deletion is not already in place and procedural rules within the organization make it too cumbersome or time-consuming to create and promote the required code.

Accounts can be deleted from the Access Governance Suite user interface one identity at a time.  Depending on the number of accounts to be deleted, this can be time consuming, but it presents very little risk of deleting accounts in error. Execute these steps to delete an account through the Access Governance Suite user interface.

  1. Click Define> Identities.
  2. Click an identity to open the View Identity window for that identity.
  3. Click the Application Accounts tab.
  4. Select the checkbox for the accounts you want to delete and click Delete.
  5. Click Save.

     ViewIdentitiesApplicationAccounts.PNG

If a large number of accounts need to be deleted, it is possible to do this from the command line. Please note that this action is risky and must be undertaken with care since it cannot be "undone."  Instructions for doing a command line bulk delete are provided below for those who have this need, feel confident that they can identify the criteria that will isolate the accounts to be deleted, and are comfortable taking on the associated risks.

  1. First, identify the criteria (in SQL terms) required to return only the accounts to be deleted. 
  2. At a command line prompt, enter the following to create a list of the ID values for the records to be deleted, saving that list in a file (deleteLinks.txt):
    • Iiq console > deleteLinks.txt
    • sql "select id from spt_link <the rest of the sql statement>"
    • quit
    This returns the list of IDs into the deleteLinks.txt file; its contents will look like this:
    • 2c9081a431f23fda0131f252a19c0b56
    • 2c9041b633d24edb0241f752c28c0a32
    • ...
  3. Edit the file to insert the text "delete Link " in front of each ID in the file.
    • delete Link 2c9081a431f23fda0131f252a19c0b56
    • delete Link 2c9041b633d24edb0241f752c28c0a32
    • ...
  4. Review the set of records carefully to ensure that the criteria are in fact correct before processing the deletion; this cannot be undone!  At the command line, source the file from the console to delete the accounts.
    • Iiq console > source deleteLinks.txt

Note: Deletions from the console do not invoke any Access Governance Suite workflow.

If you have any questions or confusion on this command-line delete process, please contact Support@netiq.com before attempting the deletion.