on 08-21-2014 1:40 AM
Hi,
Due to many variations and requirement for derived roles, we have a number of nested roles on IdM, containing all single abap roles (i.e no composites).
The issue that I see now:
Scenario: Parent role, with no direct privileges assigned, containing 2 child roles, with assigned privileges.
Assigning the parent role to a user gives the expected result.
Then I assign the two child roles directly and save. No impact to provisioning, as expected
If I then remove the parent role, the de-provisioning process kicks in, and removes all the access from the user, even though they still have the 2 child roles assigned.
Even if I directly assign a privilege on the impacted system, the full set of roles is not assigned.
Reconciliation is set to true.
Version 7.20 SP6
I was wondering if someone could try this out for me on 7.2 SP9, and let me know if the result is the same.
Hi Henrik,
I assume you are only making changes via the Web UI and not via the MMC console?
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.