on 04-18-2016 11:36 AM
Hi experts,
I am trying to create a Dynamic Group and assign some person to it.
I did it as follows;
1. checked person with condition as department = korea.
there are 8 persons.
2. create dynamic group and name it DG_korea
3. And add target definition as follows and save it.
4. But if I press search button in 'Assigned Users' tab, there says 'No entries returned'.
5. If I check the target filter ..
********
Can anyone tell me what did I missed or did wrong?
After create Dynamic group and assign persons to it, I planed to assign role and privileges to it.
Best regards,
dongsu
Hello Dongsu,
Could you please check your SQL query again. I think it should be like
Select B.mcMskey................
as you are using Idmv_entry_simple B view.
Please run your query in MS-SQL database and verify whether it is returning those 8 entries.
Regards,
C Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OK good advice, thanks,
the query is
"select DISTINCT(mcmskey) from idmv_entry_simple B with(nolock) inner join idmv_vna M4 on B.mcmskey = M4.mskey where mcIDStore=%IDSID% and (M4.ATTRNAME = 'MX_DEPARTMENT' and M4.sval='KOREA')"
and when I run this in MS SQL Server Management Studio, it return error with msg
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near 'IDSID'.
Here the IDSID was defined as integer type.
So I changed the query changing mcIDStore=%IDSID% to mcIDStore=1
then it works and returned 8 values.
(if I check developer studio, my identity store looks have number 1 like "1/T1_IdentityStore". So I choose number 1)
Here, can you give me more advice?
dongsu
Hi experts,
I just found one interesting thing about this problem.
In MS SQL Developer Studio,
if I change %IDSID% to IDIS in original query statement, it works find.
Because it is basically eclipse, I can choose possible variables in screen.
So it looks like that the variable name was changed but this part is not updated.
a kind of bug.
But I can not issue customer report for this because now I am not on actual customer project but preparation of PoC.
How do you think?
Can any one help me?
dongsu
Hi,
%IDSID% is an internal IdM notation. When running the query in SQL Dev Studio you ned to change %IDSID% to the id of your IdStore.
As for not getting any members in your dyn group, you will need to calcualte the dynamic group.
This may be done by using the internal function uIS_ResolveDynamicGroup(GroupID)
BR,
Ole K.
Dear Ole Kristian Rosberg,
%IDSID% is an internal IdM notation. When running the query in SQL Dev Studio you need to change %IDSID% to the id of your IdStore.
==> thank you.
As for not getting any members in your dyn group, you will need to calcualte the dynamic group.
This may be done by using the internal function uIS_ResolveDynamicGroup(GroupID)
==> Would you explain this little more, please?
How to calculate the dynamic group?
Best Regards,
dongsu
Hi,
See Maintaining Dynamic Groups - SAP Identity Management Configuration Guide - SAP Library
To resolve a dynamic group yo create a scheduled job with a ToGeneric pass.
Job:
Source:
Destination:
Script:
Regards,
Ole K.
Dear Ole Kristian Rosberg,
Thank you very much.
This is what I was looking for.
But ..
my IDM is 8.0 SP0 on Windows Server 2008 R2 using Sql server 2012.
And there is some unexpected response.
It runs too long.
And the persons not linked to Dynamic Group even though there was no error.
I will do this again after upgrading my IDM from 8.0 SP0 to 8.0 SP2.
I will update the result next week.
Best Regards,
dongsu
Hi Dongsu ,
I remember facing the same issue while creating Dynamic group in IDM 8.0 SP0.
As mentioned by C kumar this is because of the "mcIDStore=%IDSIS%" in the SQL query.
To update the value of Identity store we made the changes in the Forms Package.
1)Search for the form Modify Dynamic group.
2)In the attribute tab make the attribute editable for the Field 'Target Filter'.
3)Update the value of Identity Store (In your case its 1) instead of %IDS_ID% in the UI and Save.
4)Again update the attribute for field 'Target Filter' to display only.
Hope this will help.
Regards,
Saurabh
Dongsu,
There are many ways to assign roles during provisioning, and personally, I feel that the use of dynamic groups is probably the worst.
I would just create a workflow that evaluates group memberships for newly created users and string them along as a process.
For example:
Check location
Add appropriate groups
Check Department
Add appropriate groups
Check Manager
....
This can be done either with scripts or conditional tasks.
Not sure the meaning of your graphic from Gartner.
Regards,
Matt
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.