
Delete Resources Activity

NileshGhodekar edited this page Mar 22, 2017 · 12 revisions

Overview

The Delete Resources activity is used to delete one or more resources in MIM / FIM.

Activity UI

Delete Resources - Activity UI

Activity Display Name

Optional. Name of the activity to be displayed on the MIM / FIM workflow designer.

Target for Deletion

Required. Specifies how the activity will identify the target(s) for deletion. The possible values are:

  • Use Workflow Target
  • Resolve Target(s)
  • Search for Target(s)

The default is "Use Workflow Target" which represents the target of the current request (i.e. [//Target]).

Target Lookup

Required when the "Resolve Target(s)" option is selected for Target for Deletion. Specify the lookup expression that will identify the targets for deletion, e.g. [//Target/OwnedAccounts].

Target Search Filter

Required when the "Search for Target(s)" option is selected for Target for Deletion. Specify the XPath search filter that will return the target(s) for deletion, e.g. /Group[BackLink = '[//Target/ObjectID]'].

Advanced Features

Activity Execution Condition

Optional. The condition which must be satisfied for execution of this activity's core task (i.e. delete specified resource(s)). This can be any WAL function expression resolving to a boolean value. See the Activity Execution Condition wiki for more information.

Iteration

Optional. This is a lookup or function expression returning a collection of values to iterate over. See the Iteration wiki for more information.

Request Actor

Required. The user under whose context all the child requests (delete requests) are submitted. Service Account (FIMService) is the default actor. See the Request Actor wiki for more information.

Apply Authorization Policy

Optional. When this setting is selected, the child delete requests will be subjected to any authorization MPRs configured. See the Apply Authorization Policy wiki for more information.

Implementation Guidance

Thoroughly test your activity before deploying it into production, especially if it identifies the targets for deletion using a lookup expression or a search filter, as a mistake in either can cause unintended mass deletions. Using this activity in conjunction with an approval workflow is highly recommended.

This activity is not installed as an AuthZ activity by the WAL installer (Register.ps1 script), but it can be installed as an AuthZ activity by editing the AIC for the activity using the MIM Portal. It's also worth noting that in an action workflow that runs on the deletion event of a resource, no attributes of the target resource other than [//Target] (i.e. the ObjectID of the target resource) are accessible, as the object deletion has already been committed in the system by the time the action workflow runs.

Examples

The following Delete Resources activity deletes the expired group when the group transitions into an "Expired Groups" set:

Activity Display Name: Delete Expired Groups
Target for Deletion: Use Workflow Target

The following Delete Resources activity deletes all the accounts owned by the user (when the user is deleted):

Activity Display Name: Delete All Accounts Owned by User
Target for Deletion: Resolve Target(s)
Target Lookup: [//Target/xOwnedAccounts]

This will be an AuthZ workflow activity when the deletion request is end-user driven, or the first action workflow activity in the user deletion workflow if the deletion is due to a set transition. In either case, the child accounts are deleted first and then the parent account.

The following Delete Resources activity deletes all the groups owned by the user (when the user is deleted):

Activity Display Name: Delete All Groups Owned by User
Target for Deletion: Search for Target(s)
Target Search Filter: /Group[DisplayedOwner = '[//Target/ObjectID]']

This will be an AuthZ workflow activity when the deletion request is end-user driven, or the first action workflow activity in the user deletion workflow if the deletion is due to a set transition. In either case, the owned groups are deleted first and then the parent owner.
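
One way to act on the testing advice under Implementation Guidance for a search-filter target, as an added example that is not part of the MIMWAL project: a read-only preview that resolves the filter for one test user, lists what it matches and fails if the match count is higher than expected. The service URI, the placeholder ObjectID, the `$MaxExpected` ceiling and the `Get-Attr` helper are assumptions; it relies on the FIMAutomation snap-in's `Export-FIMConfig` cmdlet.

```powershell
# Added example: dry-run preview of a Delete Resources search filter (no deletes).
# Assumed values: service URI, test user's ObjectID (placeholder), threshold.
param(
    [string]$Uri            = 'http://localhost:5725/ResourceManagementService',
    [string]$FilterTemplate = "/Group[DisplayedOwner = '[//Target/ObjectID]']",
    [string]$TargetObjectId = '00000000-0000-0000-0000-000000000000',
    [int]$MaxExpected       = 25
)

if (-not (Get-PSSnapin -Name FIMAutomation -ErrorAction SilentlyContinue)) {
    Add-PSSnapin FIMAutomation -ErrorAction Stop
}

# The cast throws on an empty or malformed ID, so a blank value can never
# turn the predicate into DisplayedOwner = ''.
$id = ([guid]$TargetObjectId).ToString()

# Mimic the substitution the activity performs at run time.
$filter = $FilterTemplate.Replace('[//Target/ObjectID]', $id)

# Stop if a lookup is still unresolved or the filter has no predicate at all,
# since a bare /Group would match every group.
if ($filter -match '\[//')     { throw "Unresolved lookup in filter: $filter" }
if ($filter -notmatch '\[.+\]') { throw "Filter has no predicate: $filter" }

# Hypothetical helper: read one attribute from an exported resource.
function Get-Attr($resource, [string]$name) {
    ($resource.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $name }).Value
}

# Read-only query; -OnlyBaseResources skips referenced objects.
$found = @(Export-FIMConfig -Uri $Uri -CustomConfig $filter -OnlyBaseResources)

$found | ForEach-Object {
    [pscustomobject]@{
        ObjectID    = Get-Attr $_ 'ObjectID'
        ObjectType  = Get-Attr $_ 'ObjectType'
        DisplayName = Get-Attr $_ 'DisplayName'
    }
} | Format-Table -AutoSize

Write-Host "$($found.Count) resource(s) would be deleted by: $filter"
if ($found.Count -gt $MaxExpected) {
    throw "Filter matches more than $MaxExpected resources; review it before deploying."
}
```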
