SAP IDM MX_INACTIVE

Hi IDM experts,

I am trying to find out what script or job in IDM removes all of the PRIV:SYSTEM:$Rep and the PRIV:$Rep:ONLY privileges when the attribute MX_INACTIVE is set.

When setting MX_INACTIVE the user is not deleted in the UI but set to inactive and hidden as expected, and all of the PRIV:SYSTEM:$Rep and the PRIV:$Rep:ONLY privileges are removed, which will then deprovision the user's account from the back end subsystems.

What I am trying to achieve is to stop the PRIV:SYSTEM:$Rep and the PRIV:$Rep:ONLY privileges from being removed when MX_INACTIVE is set, to stop the user account being deleted in the subsystems, as we still want to disable the accounts in the subsystem rather than delete.

I know MX_DISABLED will lock the UI user and the subsystem account, but it will not hide the user from the person list in the UI.

According to the Identity store schema document:

"Setting an entry to inactive has the same effect as deleting it, i.e. the attribute triggers the deprovisioning task for all target systems of the identity. Depending on the type of a specific target system, the de-provisioning task deletes or locks the user account."

Does anyone have any ideas what or where in the deprovisioning process causes these privileges to be removed?

Kind Regards

Steve

Accepted Solutions (1)

keith_zhang

Hello Steve,

Yes, MX_INACTIVE is built-in behavior and not done by the framework. From the other side (use MX_DISABLED), maybe you can also try with the 'Access limitation' functions defined on the general tab of the entry type to 'hide' it? (So set the search attribute after MX_DISABLED is set, e.g. by an event task or jobs directly under the modify web task.)

You may get more information regarding this function from MMC help documentation.

BR, Keith

Answers (1)

Former Member

Hi Steve

I think that's inbuilt behaviour - I don't think you can stop it happening.

If you want to leave the accounts behind, you can have the deprovisioning job check to see if MX_INACTIVE is set and then not deprovision. This means it would only deprovision if the account was removed from an active account.

Peter