This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to configure Holder to Permissions Mapping properly?

Hello everyone,

We are trying to read level 10 roles that are assigned to identities in IDM's eDirectory, as permissions into IG.

For this, we have configured an App Permission Collector and the whole list of level 10 roles is read correctly into IG. However, we also want to map the assignment of those roles to the identities that are already collected in IG, by using the nrfMemberOf attribute present in the identity schema. But it is not working, what we configured was the section of "Collect holder to permissions mapping" to read identities and indicated in the "Holder permission(s)" field, the nrfMemberOf attribute where the list of assigned roles is present in the identities. We already checked the Administrative Guide, but there is no more information about how to fulfill this type of collection. Do you have any advice or comment on what is wrong with our configuration?

Thanks in advance,

Parents
  • Greetings,
        Please utilize the IDM AE Permission collector. It was specifically designed for this and it is the Best Practice.


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

Reply
  • Greetings,
        Please utilize the IDM AE Permission collector. It was specifically designed for this and it is the Best Practice.


    Sincerely,
    Steven Williams
    Principal Enterprise Architect
    Micro Focus

Children
  • Thanks a lot Steve,

    We have configured the IDM AE Permission Collector as suggested, but we are facing an error during collection execution. It is strange because the error does not appear when running "Test Collection and Troubleshooting" it comes when running the actual collection task.

    We dive into the documentation, but could not found much information on what to use on each field of the collector to configure it properly.

    The message from the error raised is the following:

    ------------------------------

    Error: Collecting entity 'PERMISSION_HIERARCHY_TO_PARENT'

    Missing required attribute. Refer to 'childPermissionId' in the following data:
    {"groupBy":"Role_Name_Example"}
    ------------------------------
    However I understand the childPErmissionId field is not mandatory in the configuration so nothing is set there. And that particular role, does not have any childs role linked directly as in our model Level 10 roles are single entitlement representation.
    Do you have any idea of what this error is related to?
    Regards,