on 02-22-2010 5:10 PM
Hello,
we 're using the GRC Provisioning Framework (with IDM 7.1 SP4 and GRC 5.3 SP10_1) and want to delete all existing roles from a user bevor we set new roles to him.
Is there a general command to do this or have the existing roles to be known?
Thanks,
Carsten
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Carsten
Are you talking about privileges or business roles?
Also: Take note: If a user looses all roles, he will be deleted form the target system!
But you can delete all roles with a ToIdentityStore pass with .
Hello Christian,
thanks for the quick answer. I'm talking about privileges.
In the To Identity Store, is it enough to set:
MSKEYVALUE -
%MSKEYVALUE%
MXREF_MX_PRIVILEGE -
Or do I have to set all existing roles behind the (like priv:grc:xxxx)?
Yes, this would do it.
But as I said, this removes all privileges from a users.
If the user has no more privileges on a target system, he will be deleted.
Maybe you test that with a test user first, to see how IDM reacts in your situation.
I have one last Question before I'll test it.
Will the SAP Privilege Framework or the GRC Privilege Framework delete the privileges?
The SAP Framework.
Many Thanks!
But is it also possible to delete privileges via GRC Provisioning Framework?
Best Regards,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.