Highlighted
agorian Respected Contributor.
Respected Contributor.
166 views

Mapping Coverage maps to group members

Hi guys,

 

I must map reviewers base on group membership but haven't found a way to do this. All data is coming from Micro Focus IDM 4.7.3. I’m using IG 3.5.1.

Basically, one reviewer is member of a group named “D” + User.department (i.e. “D1234” and next review approval step, members of two groups: “owner-” + Permission.customAttribute and “auxiliary-” + Permission.customAttribute, that is, members of both “owner-ABCD” and “auxiliary-ABCD” groups, where “ABCD” is a permission custom attribute value.

 

I thought something like:

"Reviewer.user.provisioningId", "Group.name"

"Group.members", "D + User.department"

 

But I couldn’t even upload the file (Group.name could not be used).

 

The longest way is to create a map for each department (can have 10.000) and a loopback driver populating owner for each roll, but I prefer avoid this solution.

Labels (2)
0 Likes
2 Replies
Knowledge Partner
Knowledge Partner

Re: Mapping Coverage maps to group members

Group or permission?  Group has to come from the Identity source.  You could consider collecting the Identity source as an account as well.  Then you would have apermission for these groups, which you could then use as a permission based atttibute.


Also not sure you can build the string that way But you could use !ENDS_WITH! 12345

0 Likes
agorian Respected Contributor.
Respected Contributor.

Re: Mapping Coverage maps to group members

Hi Geoffrey,

 

Solution uses groups (groupOfNames), I added in Identity Source as a custom "ex_groups" attribute and could use like this:

"ReviewItem", "Reviewer"
"user.department == 9001", "user.ext_groups == cn=D9001,ou=Groups,o=data"
"user.department == 9002", "user.ext_groups == cn=D9002,ou=Groups,o=data"

 

Repeated 9999 times. Unfortunately there is no dynamic way, once user.department can be contained in others groups. So, !CONTAINS! is not an option.

 

About system owners and approvals, all was merged in owner attribute by a loopback driver and this attribute will be used as permission owner review.

 

Thanks for the answer.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.