IGA 4.2 Inherited Groups with AD Perm Collector

One of the Whats New features listed in the readme is :

  • Enable nested permission assignment collection when using AD Permission or eDirectory Permission Collectors to generate inherited assignments

In looking at an AD Perm collector, I see a checkbox in the service parameeters section for "Populate Nested Permission Assignments" and nothing else that looks like a way to enable nested permission assignment.

I swear that checkbox has been there for a few versions.

Is there any available insight into if this checkbox is what the what's new is referring to?   Or is it just different code that handles when you setup parent or child permission attributes correctly?

Based on past tests, that checkbox just created a direct assignment to every group your direct group membership was nested in, back to the original account, so it looked like your account have 2 (or more) memberships instead of the "real" one.   So I'm not sure that's the feature that's referenced.

--Jim

Tags: