on 12-07-2015 4:47 AM
Hello experts,
Warm Greetings!!
I have encountered an situation where the user requested for assignment of the role and immediately requested for deassignment of the same role.
Actions perfromed:
Please find the below screen shot regarding the role assignment status for the user
In some earlier posts i believe i have seen some one suggesting to change the mcexexstate to 1 and then reconcile the user assignments and then remove the role.
If the above solutions needs to be implemented then which record i need to update in the mxi_link table. is it only record with status with 1536?
Can you kindly help me in this scenario.
thanks in advance.
Hi DP,
Did you reconcile the Role in IDM ?
Normally role with status as 1536/1025 , if reconciled it would get removed automatically.
Before and after reconciliation of role, check if mcorphan = 1 or 0 if role does not get removed from the user.
If this does not work, then run below query and see if it works.
update mxi_link set mcdelaudit=NULL,mcchecklink=sysdate,mcexecstate in (1536,1025) where mcthismskey=<usermskey> and mclinktype=2 and mclinkstate<2 and mcothermskey=<rolemskey> ..
Regards,
Pradeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi DP,
Have you tried to remove using the linkid?
1) Get the link ID if the assignment from view idmv_linkaudit_basic
2) In toIdentityStore pass, it should be like {d}{linkid=xxxx}<priv or role name>
Kind regards,
Jai
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
24 | |
11 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.