sumitmf Trusted Contributor.
Trusted Contributor.
414 views

Permission Duplication Warnings.

Hello,
I am running eDirectory Permission Collector to collect permissions. I am getting following warning messages for around 8000 permissions . I am not sure what this warning means. Does it means there is already a permission in catalog for this uniqueid and this will be ignored as duplicate. Can I ignore these warnings ?

Warning: Collecting entity 'PERMISSION' - Marked as duplicate object because an existing object was found with the same identity in permission with uniqueId = 'c9c0e01a-61ef-373f-a48f-2cd8426e5c7b' (1 duplicates found)

Thanks
0 Likes
3 Replies
Micro Focus Expert
Micro Focus Expert

Re: Permission Duplication Warnings.

On 3/20/19 8:56 AM, sumitmf wrote:
>
> Hello,
> I am running eDirectory Permission Collector to collect permissions. I
> am getting following warning messages for around 8000 permissions . I am
> not sure what this warning means. Does it means there is already a
> permission in catalog for this uniqueid and this will be ignored as
> duplicate. Can I ignore these warnings ?
>
> *Warning: Collecting entity 'PERMISSION' - Marked as duplicate object
> because an existing object was found with the same identity in
> permission with uniqueId = 'c9c0e01a-61ef-373f-a48f-2cd8426e5c7b' (1
> duplicates found)*
>
> Thanks
>
>

Greetings,
In your eDirectory Collector (so you are most likely using groups as
permissions), did you utilize "Collect Permission to Holders Mappings"
or "Holder to Permissions Mapping"


--
Sincerely,
Steven Williams
Principal Enterprise Architect
Micro Focus
0 Likes
sumitmf Trusted Contributor.
Trusted Contributor.

Re: Permission Duplication Warnings.

I am using Permission-Account or User Mapping in the eDirectory Permission Collector. I am not using separate "Collect Permission to Holders Mappings"
or "Holder to Permissions Mapping" . Thanks.
0 Likes
fp_idmworks Super Contributor.
Super Contributor.

Re: Permission Duplication Warnings.

I have a customer that has a lot of permission errors with the RBPM collector or the Identity Manager AE Permission Collector.

I am waiting to hear back from them with more details on the nrf based attributes on the users, but in my own testing I found that if I have a dynamic group or even a static group assignment as well as a direct assignment to the user, it will find there is a duplicate permission. I bring this up with the RBPM application source as it doesn't let you configure much on what will or won't be collected. I left the default settings other than the filter, and connection parameters.

I would look at the static and dynamic group memberships, the nrf based attributes on a given user and look to see where the duplicate may be coming from. Even though it gave a duplicate message, based on the catalog, once published, it apears that I only have one Role listed as assigned. So I'm assuming it will only publish one of them and so when it comes to fulfilment you may have an issue with cleaning up all permissions for a given role if there are multiple type of grants for the user to the role. Your situation with eDir permissions may be completely different as you may be dealing with nested groups, dynamic and static assignments, etc.

I realize that my use case is different but at the same time it might give some insight. I would suggest taking a user with the issue, and duplicating it with a dummy account to see when it is reproducable for that account and then look at their attributes through a LDAP browser to see what may be telling in how the duplicate permissions are granted and then of course analyzing how to best remove the duplicates when the account does need to have the permissions removed. Maybe a workflow to help find the duplicate permissions.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.