msira Respected Contributor.
Respected Contributor.
179 views

Mandatory versus Optional permissions in Business Roles

Hi. IG 3.5.

I need clarification on Mandatory versus Optional permissions. I don't
quite understand the difference.

According to the documentation:
When an authorization policy specifies Mandatory on a
permission, technical role, or application, it means that a
user is expected to have it if they are a member of the
business role. However, there is no enforcement of having
the mandatory item. Optional means the authorization policy
allows a user to have a resource, but the authorization
policy does not require it.

I understand the concept, but the implications are somewhat unclear. If
I define in a Business Role PermissionM as mandatory and PermissionO as
optional, and I set it to autorevoke and autogrant, both permissions
create fulfillment items and both trigger the automated provisioning
process. I would have expected that only mandatory permissions create
fulfillment targets.

If I then create an `User Access Review' and select both PermissionM and
PermissionO I can't find a way to only review Mandatory Permissions or
Optional Permission. If I select `Review only items that have not been
authorized by a business role' then neither Permission create a review
target. If I select `Review only items that have been authorized by a
business role' then both permissions create a review target.

What am I missing?
Tags (3)
0 Likes
1 Reply
AutomaticReply Absent Member.
Absent Member.

Re: Mandatory versus Optional permissions in Business Roles

msira,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.