on 05-28-2014 3:21 AM
Hi experts,
I am using SAP IDM 7.2
We have a multivalue attribute MXREF_MX_PRIVILEGE which contains more than one privileges. This attribute is assigned to user xyz.
The requirement is that when system/administrator is Disabling the user xyz then it should add grace period(Valid To date) to some of the privileges which is under the MXREF_MX_PRIVILEGE attributes.
But whenever i tried to do so its showing overlapping error.
To fix this issue i removed the particular privileges by using {d} first and then Re-assigned that privilege again with the grace period to the user xyz but again i am getting Overlapping error.
Could you please guide how to fix this.
Thanks in Advance
Regards,
C Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The {R} operator is "replace" and will remove all other existing direct assigned privilege assignments. As a result only the inherited privileges and the one(s) you specify after the {R} operator would remain.
A modification can be done using the linkid and setting a new validfrom and/or validto:
MXREF_MX_PRIVILEGE {LINKID=3456!!VALIDFROM=2014-05-28!!VALIDTO=2015-06-11!!LINKREASON=User was disabled, starting grace period}<Manager>
This means that you need a script to loop through all direct assigned privileges that you want to put into a grace period, find their link-id and set the validto to today+14 days using the syntax above.
If these privileges are inherited from a role you need to modify the role validity instead. If have multiple direct assignement validities you can use the {E} operator to remove the other future asssignments for the privilege. Example:
{E}{LINKID=1234!!VALIDTO=<today+14 days)}<privilege1 name>|{E}{LINKID=5678!!VALIDTO=<today+14 days)}<privilege2 name>|
Br,
Chris
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.