Removing Group Memberships in the IDM Vault

coolguys1

0 Likes

over 4 years ago

Original Publish date: 2008-03-26

Problem

A Forum reader recently asked:

"Based on some events in IDVault, I want to trigger a policy on Subscrber/Evebt Transformation, which should remove all group-membership for the "current-user" / currentObject , so that user is not the member of any type of Groups in the IDVault at all."

And here is the response from Father Ramon ...

Solution

Actually, you have to remove each group membership individually in order for the reverse link to be removed. What you want to do is something more like this:

<do-for-each>
  <arg-node-set>
   <token-src-attr name="Group Membership"/>
  </arg-node-set>
  <arg-actions>
   <do-remove-src-attr-value name="Group Membership">
    <arg-value>
     <token-local-variable name="current-node"/>
    </arg-value>
   </do-remove-src-attr-value>
   <do-remove-src-attr-value name="Security Equals">
    <arg-value>
     <token-local-variable name="current-node"/>
    </arg-value>
   </do-remove-src-attr-value>
  </arg-actions>
</do-for-each>

Labels:

How To-Best Practice

Comment List

iWill over 3 years ago

Hi there,
Do you know how to copy/duplicate all group memberships from one user to another?
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel

Recommended

Menu

Identity Manager Tips & Information

Removing Group Memberships in the IDM Vault

Labels:

Resources