fp_idmworks Super Contributor.
Super Contributor.
315 views

3.5 -- duplicate permission warnings

Any sure process on finding the duplicates in question? Since it is collecting all the data and seeing the number of duplicates, it would be nice to have a way to report what the duplicates are so that we can easily look at what data may need to be cleaned up. Or is there consideration to store all permissions regardless of multiple duplicates in the future so that a review or report could be ran to help identify the duplicates.

My concern is that if you have a duplicate entry but IG only stores one permission and not all of the duplicates, then when a fulfillment happens it only handles the one. The reviewer assumes only one permission and that it should now be removed.

Example, if you have a dynamic group assignment to a role, and then a static user assignment to a resource associated to the role, you will have duplicates. Or I am assuming if you have multiple dynamic groups associated with multiple roles and those roles contain some of the same resources, etc.

So I get that eliminating duplicates may not be what is desired, depending on the implementation and use case. But it would be nice to store them all and evaluate all of them or at least notify a reviewer that there has been multiple detected and that further reviews will need to be assessed, etc...

Am I over thinking this?
Any way to dump the duplicate data out? I have two customers with 10k+ warnings with collections for duplicate permissions. Not that many duplicates, but that many warnings with maybe as many as 21 duplicates, I have seen on a group.

Currently I am doin an export of all objects with a DirXML-Entitlementref and nrfAssignedResource. I then export it to csv and open it with notepad and search on the permisionId value to pull up all within the current document. I'm assuming that is an Okay approach, but tedious.

thanks,
Fred
0 Likes
1 Reply
AutomaticReply Absent Member.
Absent Member.

Re: 3.5 -- duplicate permission warnings

fp,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.