on 03-25-2013 4:47 AM
Hi,
I am trying to do Mass additions of privilege and role using Direct Reference property.
It works for Privileges. All the privileges gets assigned to the user without triggering the ADD MEMBER event tasks.
However, when I try the same with Business Roles which have these privileges, the requests shows "OK" status in IdM UI, but I am able to see the request for the privileges in GRC-AC Approver Inbox. I thought this functionality should be straight forward to use similar to Privileges. How can I also make the privileges within the business role to also have the "Direct Reference" property
Any pointers ?
Thanks
Murali.
Hi Murali,
Unfortunately the Direct_reference and Bypass_validity/member operators are not inherited to child assignments. I dont have any verified workarounds either, but perhaps one could be done using assignments with context that are checked in the validate/addmember tasks to bypass the actual operations.
Best regards,
Chris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Not much of a comfort, but you're not the first to request this. You can register a feature request to push it up the backlog item list, but it will still not be "next day delivery".
One potential workaround is to assign both the role AND the privileges using the direct-reference add operation during the mass-update, then unassign the direct privilege assignment afterwards. This means that the direct assignment of the privilege(s) is removed once the role/priv inheritance is calculated and the inherited assignment from the role will remain. Timing could be tricky, but it should be doable I think.
Br,
Chris
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.