cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Direct Reference property

Go to solution
Murali_Shanmu
Active Contributor

on ‎03-25-2013 4:47 AM

0 Kudos

Hi,

I am trying to do Mass additions of privilege and role using Direct Reference property. 

It works for Privileges. All the privileges gets assigned to the user without triggering the ADD MEMBER event tasks.

However, when I try the same with Business Roles which have these privileges, the requests shows "OK" status in IdM UI, but I am able to see the request for the privileges in GRC-AC Approver Inbox. I thought this functionality should be straight forward to use similar to Privileges. How can I also make the privileges within the business role to also have the "Direct Reference" property

Any pointers ?

Thanks

Murali.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-25-2013 10:52 AM
0 Kudos

Hi Murali,

Unfortunately the Direct_reference and Bypass_validity/member operators are not inherited to child assignments. I dont have any verified workarounds either, but perhaps one could be done using assignments with context that are checked in the validate/addmember tasks to bypass the actual operations.

Best regards,

Chris

Show replies
Show replies
Murali_Shanmu
Active Contributor
‎03-25-2013 3:36 PM
0 Kudos

Chris,

Thanks for your inputs.  We always use Business Role to group and apply Privileges. Now, I don't see much of a use for this operator on a Business Role. I was bit disappointed when the operator was not inherited by the child assignments. 

Former Member
‎03-25-2013 3:54 PM
0 Kudos

Hi,

Not much of a comfort, but you're not the first to request this. You can register a feature request to push it up the backlog item list, but it will still not be "next day delivery".

One potential workaround is to assign both the role AND the privileges using the direct-reference add operation during the mass-update, then unassign the direct privilege assignment afterwards. This means that the direct assignment of the privilege(s) is removed once the role/priv inheritance is calculated and the inherited assignment from the role will remain. Timing could be tricky, but it should be doable I think.

Br,

Chris

Answers (0)

Ask a Question