How to configure Holder to Permissions Mapping properly?

Hello everyone,

We are trying to read level 10 roles that are assigned to identities in IDM's eDirectory, as permissions into IG.

For this, we have configured an App Permission Collector, and the whole list of level 10 roles is read correctly into IG. However, we also want to map the assignment of those roles to the identities that are already collected in IG, by using the nrfMemberOf attribute present in the identity schema. But it is not working. What we configured was the "Collect holder to permissions mapping" section to read identities, and in the "Holder permission(s)" field we indicated the nrfMemberOf attribute, where the list of assigned roles is present in the identities. We already checked the Administrative Guide, but there is no more information about how to fulfill this type of collection. Do you have any advice or comment on what is wrong with our configuration?

Thanks in advance,

  • Greetings,

    Please utilize the IDM AE Permission collector. It was specifically designed for this and it is the Best Practice.

    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

  • Thanks a lot Steve,

    We have configured the IDM AE Permission Collector as suggested, but we are facing an error during collection execution. It is strange because the error does not appear when running "Test Collection and Troubleshooting"; it comes when running the actual collection task.

    We dove into the documentation, but could not find much information on what to use in each field of the collector to configure it properly.

    The message from the error raised is the following:

    ------------------------------

    Error: Collecting entity 'PERMISSION_HIERARCHY_TO_PARENT'

    Missing required attribute. Refer to 'childPermissionId' in the following data:
    {"groupBy":"Role_Name_Example"}
    ------------------------------

    However, I understand the childPermissionId field is not mandatory in the configuration, so nothing is set there. And that particular role does not have any child roles linked directly, as in our model Level 10 roles are single entitlement representations.

    Do you have any idea of what this error is related to?

    Regards,