on 10-17-2014 4:28 PM
Hello Matthew,
that works pretty nicely, if you use it like this:
Then only the roles and their hierarchy (privileges and roles) are shown. But the user can change the filter any time to search for other things.
If you don't want to give the user that choice, then you just enable the check box "Read only search filter", too, and the user has to live with that default filter and can't change it.
But like I said, that's all explained, if you click on "Help" in your screenshot there. The IDM help is pretty good.
Regards,
Steffi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Steffi,
I have a doubt here. I dint give ROLE* in default search filter and just ticked Include direct assignments only
But that did not work. As per help file, my understanding was that indirect assignments (meaning the privileges in the role) wouldn't be displayed.
Please help me in understanding the use of Include direct assignments only check box
Kind regards,
Jai
Hmm, but the help says:
If a displayed role has inherited assignments, you will still be able to browse
the hierarchy below the role.
With the filter you set, which content is displayes, when you call the UI mask. And I would understand this option that way, that you will only see direct assignments on the top level, but if a directly assigned role has a hierarchy, it will be displayed and you can see the through the direct role indirectly to the user assigned roles and privileges.
And when I test it, this is exactly what I see for this attribute. ^^
Hi Jai,
The filter "direct assignments only" is working as it should. You can have direct assignments to the person and you can see only them with this filter on, but still you are able to browse business roles assignments in order to be able to do that, this filter you set should not work for browsing business roles, otherwise you won't see any privileges or other business roles, because they are indirectly attached to the business role you are browsing. So this is the reason why the filter works only for first level of assignments.
Best regards,
Ivan
Hi All,
It didn't work for me either. I set the option both at the attribute level and in the UI task that held the attribute. Any other ideads?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jai,
The setting for both the attribute and UI attribute are display below:
Attribute
UI Attribute:
When I open a Identity through the change 'UI Task' I still see the all of the privileges as well as the role with the corresponding privileges.
I only want to see the roles and their corresponding privileges as per the latter screenshot?
Hi Jai, this work fine for direct assignment of roles/privileges and any inherited privileges from the role, but if a role has been provisioned through dynamic groups (indirect) then it isn't displayed.
If i was to type in Role* in the UI task on the search option it displays the roles (whether direct/indrect) and their inherit privileges. This is what I am really looking for.
Hello Matthew,
yes, we have that in use for some UI masks. But I think, it is pretty self-explanatory and the help for it explains it well, too.
What exactly is confusing for you there?
Regards,
Steffi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Steffi,
I didn't look at any help docs for this as I wasn't aware there was any. Current our IdM system shows all the roles and privilges asssigned to users which can be quite busy. I was hoping that I could use option to filter out the priivileges and only show the role. The user then can expand the role if they want to view privileges and its status?
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.