Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver

On 10/30/2013 04:19 PM, Steven Williams wrote:
> On 10/30/2013 03:51 PM, Geoffrey Carman wrote:
>> Watch me really annoy Steve. 🙂
>>
>> In the RRsD if you know the scope of the objects you could add a
>> sub-event policy that transformed the nrfCategory value. 🙂
>>
>> But steve will note this will invalidate support. 🙂 Just saying....
>>
>>
>> On 10/30/2013 3:34 PM, TellierS wrote:
>>>
>>> BAD REQUESTS
>>>
>>> dn:
>>> cn=20131030161337-5e532467df754ce282cfb4427e34d5a6-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030161337-5e532467df754ce282cfb4427e34d5a6-0
>>> nrfRequestDate: 20131030151337Z
>>> nrfStatus: 80
>>> nrfApprovalInfo::
>>> PGFwcHJvdmFsPjxzdGFydF90bT4yMDEzMTAzMDE1MTMzOFo8L3N0YXJ0X3
>>> RtPjxwcm9jZXNzX2lkPjMzZGQyNzNkYjI2MTQzOWJiYmE2NTA3MjE0NmQ3MzMwPC9wcm9jZXNzX
>>>
>>>
>>> 2lkPjxhY3Rpdml0eT48dXNlcj5jbj1VQS1hZG1pbixvdT1URkFjY291bnRzLG89RGV2ZWxvcHBl
>>>
>>>
>>> bWVudDwvdXNlcj48YWN0aW9uPnRpbWVkb3V0PC9hY3Rpb24+PGFjdGlvbl90bT4yMDEzMTAzMDE
>>>
>>>
>>> 1MTM0NFo8L2FjdGlvbl90bT48L2FjdGl2aXR5PjxhY3Rpdml0eT48dXNlcj5jbj1VQS1hZG1pbi
>>>
>>>
>>> xvdT1URkFjY291bnRzLG89RGV2ZWxvcHBlbWVudDwvdXNlcj48YWN0aW9uPmFwcHJvdmVkPC9hY
>>>
>>>
>>> 3Rpb24+PGFjdGlvbl90bT4yMDEzMTAzMDE1MTM0NFo8L2FjdGlvbl90bT48L2FjdGl2aXR5Pjxl
>>>
>>>
>>> bmRfdG0+MjAxMzEwMzAxNTEzNDRaPC9lbmRfdG0+PC9hcHByb3ZhbD4=
>>> nrfApprovalProcessId: 33dd273db261439bbba65072146d7330
>>> nrfCategory: 10
>>> nrfCorrelationId: Wed Oct 30 16:13:37 CET 2013
>>> nrfDecisionDate: 20131030151344Z
>>> nrfDescription:
>>> nrfImmediate: FALSE
>>> nrfRequestDef:
>>> cn=CebereRoleRequestNotification,cn=RequestDefs,cn=AppConfig,
>>> cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=Role_1356081683826,cn=Level10,cn=RoleInstances,cn=RoleConfig
>>> ,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030151337Z
>>> nrfTargetDN: cn=TestRole2group,ou=populations,o=Developpement
>>>
>>>
>>> dn:
>>> cn=20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0
>>> nrfRequestDate: 20131030110729Z
>>> nrfStatus: 80
>>> nrfCategory: 10
>>> nrfCorrelationId: b4544af502cd44fea34ddf4dc1e30db8
>>> nrfDecisionDate: 20131030110729Z
>>> nrfDescription: Role2OU
>>> nrfImmediate: TRUE
>>> nrfOriginator: USER_APP
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=SAP-AQ1CLNT100,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppCo
>>> nfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030110729Z
>>> nrfTargetDN: ou=testACL,ou=populations,o=Developpement
>>>
>>> *GOOD REQUEST* nrfCategory and nrfStatus changed
>>>
>>> nrfCategory = 30 for Group
>>> nrfCategory = 40 for OU
>>>
>>> nrfStatus = 10 to restart request
>>>
>>> dn:
>>> cn=20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0
>>> nrfRequestDate: 20131030110729Z
>>> nrfStatus: 50
>>> nrfCategory: 40
>>> nrfCorrelationId: b4544af502cd44fea34ddf4dc1e30db8
>>> nrfDecisionDate: 20131030110729Z
>>> nrfDescription: Role2OU
>>> nrfImmediate: TRUE
>>> nrfOriginator: USER_APP
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=SAP-AQ1CLNT100,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppCo
>>> nfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030110729Z
>>> nrfTargetDN: ou=testACL,ou=populations,o=Developpement
>>>
>>> dn:
>>> cn=20131030111033-5fd8253b1fbf42569fc2fbdbfe8b311e-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030111033-5fd8253b1fbf42569fc2fbdbfe8b311e-0
>>> nrfRequestDate: 20131030101033Z
>>> nrfStatus: 50
>>> nrfCategory: 30
>>> nrfCorrelationId: 7d456c95e16f40f48e8d23e15784d2c3
>>> nrfDecisionDate: 20131030105631Z
>>> nrfDescription: Test Role2group
>>> nrfImmediate: TRUE
>>> nrfOriginator: USER_APP
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=SAP-AQ1CLNT100,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppCo
>>> nfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030101033Z
>>> nrfTargetDN:
>>> cn=POP-ETNIC-L10-EXP,ou=AdminsGrp-old,ou=Groups,o=Developpement
>>>
>>>

>>

> Greetings,
> I can reproduce the "problem" using soapUI. In that if outline
> USER_TO_ROLE and provide a Group then the Role Request itself will fail
> with the 80. If I provide GROUP_TO_ROLE as the assignmentType and
> provide a group it works correctly.
>
> This is most definitely is a bug in the IDM add-role action. They need
> to allow for all of the correct assignmentType values or outline that
> the add and remove role actions can only be used on "users".
>
>
>
>
>

Greetings,
I have logged this as Bug 848384

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver

On 10/30/2013 04:19 PM, Steven Williams wrote:
> On 10/30/2013 03:51 PM, Geoffrey Carman wrote:
>> Watch me really annoy Steve. 🙂
>>
>> In the RRsD if you know the scope of the objects you could add a
>> sub-event policy that transformed the nrfCategory value. 🙂
>>
>> But steve will note this will invalidate support. 🙂 Just saying....
>>
>>
>> On 10/30/2013 3:34 PM, TellierS wrote:
>>>
>>> BAD REQUESTS
>>>
>>> dn:
>>> cn=20131030161337-5e532467df754ce282cfb4427e34d5a6-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030161337-5e532467df754ce282cfb4427e34d5a6-0
>>> nrfRequestDate: 20131030151337Z
>>> nrfStatus: 80
>>> nrfApprovalInfo::
>>> PGFwcHJvdmFsPjxzdGFydF90bT4yMDEzMTAzMDE1MTMzOFo8L3N0YXJ0X3
>>> RtPjxwcm9jZXNzX2lkPjMzZGQyNzNkYjI2MTQzOWJiYmE2NTA3MjE0NmQ3MzMwPC9wcm9jZXNzX
>>>
>>>
>>> 2lkPjxhY3Rpdml0eT48dXNlcj5jbj1VQS1hZG1pbixvdT1URkFjY291bnRzLG89RGV2ZWxvcHBl
>>>
>>>
>>> bWVudDwvdXNlcj48YWN0aW9uPnRpbWVkb3V0PC9hY3Rpb24+PGFjdGlvbl90bT4yMDEzMTAzMDE
>>>
>>>
>>> 1MTM0NFo8L2FjdGlvbl90bT48L2FjdGl2aXR5PjxhY3Rpdml0eT48dXNlcj5jbj1VQS1hZG1pbi
>>>
>>>
>>> xvdT1URkFjY291bnRzLG89RGV2ZWxvcHBlbWVudDwvdXNlcj48YWN0aW9uPmFwcHJvdmVkPC9hY
>>>
>>>
>>> 3Rpb24+PGFjdGlvbl90bT4yMDEzMTAzMDE1MTM0NFo8L2FjdGlvbl90bT48L2FjdGl2aXR5Pjxl
>>>
>>>
>>> bmRfdG0+MjAxMzEwMzAxNTEzNDRaPC9lbmRfdG0+PC9hcHByb3ZhbD4=
>>> nrfApprovalProcessId: 33dd273db261439bbba65072146d7330
>>> nrfCategory: 10
>>> nrfCorrelationId: Wed Oct 30 16:13:37 CET 2013
>>> nrfDecisionDate: 20131030151344Z
>>> nrfDescription:
>>> nrfImmediate: FALSE
>>> nrfRequestDef:
>>> cn=CebereRoleRequestNotification,cn=RequestDefs,cn=AppConfig,
>>> cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=Role_1356081683826,cn=Level10,cn=RoleInstances,cn=RoleConfig
>>> ,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030151337Z
>>> nrfTargetDN: cn=TestRole2group,ou=populations,o=Developpement
>>>
>>>
>>> dn:
>>> cn=20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0
>>> nrfRequestDate: 20131030110729Z
>>> nrfStatus: 80
>>> nrfCategory: 10
>>> nrfCorrelationId: b4544af502cd44fea34ddf4dc1e30db8
>>> nrfDecisionDate: 20131030110729Z
>>> nrfDescription: Role2OU
>>> nrfImmediate: TRUE
>>> nrfOriginator: USER_APP
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=SAP-AQ1CLNT100,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppCo
>>> nfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030110729Z
>>> nrfTargetDN: ou=testACL,ou=populations,o=Developpement
>>>
>>> *GOOD REQUEST* nrfCategory and nrfStatus changed
>>>
>>> nrfCategory = 30 for Group
>>> nrfCategory = 40 for OU
>>>
>>> nrfStatus = 10 to restart request
>>>
>>> dn:
>>> cn=20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030120729-b8b3c114ea1c4eb9994630bd5d644772-0
>>> nrfRequestDate: 20131030110729Z
>>> nrfStatus: 50
>>> nrfCategory: 40
>>> nrfCorrelationId: b4544af502cd44fea34ddf4dc1e30db8
>>> nrfDecisionDate: 20131030110729Z
>>> nrfDescription: Role2OU
>>> nrfImmediate: TRUE
>>> nrfOriginator: USER_APP
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=SAP-AQ1CLNT100,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppCo
>>> nfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030110729Z
>>> nrfTargetDN: ou=testACL,ou=populations,o=Developpement
>>>
>>> dn:
>>> cn=20131030111033-5fd8253b1fbf42569fc2fbdbfe8b311e-0,cn=Requests,cn=Role
>>> Config,cn=AppConfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYS
>>>
>>>
>>> TEM
>>> objectClass: Top
>>> objectClass: nrfRequest
>>> cn: 20131030111033-5fd8253b1fbf42569fc2fbdbfe8b311e-0
>>> nrfRequestDate: 20131030101033Z
>>> nrfStatus: 50
>>> nrfCategory: 30
>>> nrfCorrelationId: 7d456c95e16f40f48e8d23e15784d2c3
>>> nrfDecisionDate: 20131030105631Z
>>> nrfDescription: Test Role2group
>>> nrfImmediate: TRUE
>>> nrfOriginator: USER_APP
>>> nrfRequester: cn=UA-admin,ou=TFAccounts,o=Developpement
>>> nrfSourceDN:
>>> cn=SAP-AQ1CLNT100,cn=Level10,cn=RoleDefs,cn=RoleConfig,cn=AppCo
>>> nfig,cn=UserApplication-v3_7,cn=DriverSet,ou=RESOURCES,o=SYSTEM
>>> nrfStartDate: 20131030101033Z
>>> nrfTargetDN:
>>> cn=POP-ETNIC-L10-EXP,ou=AdminsGrp-old,ou=Groups,o=Developpement
>>>
>>>

>>

> Greetings,
> I can reproduce the "problem" using soapUI. In that if outline
> USER_TO_ROLE and provide a Group then the Role Request itself will fail
> with the 80. If I provide GROUP_TO_ROLE as the assignmentType and
> provide a group it works correctly.
>
> This is most definitely is a bug in the IDM add-role action. They need
> to allow for all of the correct assignmentType values or outline that
> the add and remove role actions can only be used on "users".
>
>
>
>
>

Greetings,
What Geoffrey outlined is most definitely not supported.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Knowledge Partner
Knowledge Partner

Re: Assign Role to Group in a driver

> What Geoffrey outlined is most definitely not supported.

Agreed, and so disclaimed. Mostly to see if it would catch your
attention... 🙂

But more seriously, in the Strings field of the do-add-role token, could
you add a string named: "assignmentType" and send in the role request?

I am pretty sure this is just a generic wrapper around a SOAP call like
Start Workflow and if you know the name of the field, you can send in
the extra data.

I just do not know what values the SOAP endpoint is expecting.

Sort of like this with no other info filled out?

<do-add-role id="someUser" role-id="someDN" time-out="0" url="someURL">
<arg-password>
<token-text xml:space="preserve">password</token-text>
</arg-password>
<arg-string name="assignmentType ">
<token-text xml:space="preserve">GROUP_TO_ROLE</token-text>
</arg-string>
</do-add-role>


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver

On 10/30/13 3:54 PM, Geoffrey Carman wrote:
>> What Geoffrey outlined is most definitely not supported.

>
> Agreed, and so disclaimed. Mostly to see if it would catch your
> attention... 🙂
>
> But more seriously, in the Strings field of the do-add-role token, could
> you add a string named: "assignmentType" and send in the role request?
>
> I am pretty sure this is just a generic wrapper around a SOAP call like
> Start Workflow and if you know the name of the field, you can send in
> the extra data.
>
> I just do not know what values the SOAP endpoint is expecting.
>
> Sort of like this with no other info filled out?
>
> <do-add-role id="someUser" role-id="someDN" time-out="0" url="someURL">
> <arg-password>
> <token-text xml:space="preserve">password</token-text>
> </arg-password>
> <arg-string name="assignmentType ">
> <token-text xml:space="preserve">GROUP_TO_ROLE</token-text>
> </arg-string>
> </do-add-role>
>
>


I doubt that would work, but something that should work and be supported
is to create a workflow using the Role Request activity that does what
you want and use the do-start-workflow action to invoke it.

--
Shon
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver


Thx Steven,

I forward your info to the support (SR # 10862816521)

Serge


--
TellierS
------------------------------------------------------------------------
TellierS's Profile: https://forums.netiq.com/member.php?userid=2550
View this thread: https://forums.netiq.com/showthread.php?t=49094

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver


Has any progress been made on this bug? I am running into the same
issue...


--
rrawson
------------------------------------------------------------------------
rrawson's Profile: https://forums.netiq.com/member.php?userid=403
View this thread: https://forums.netiq.com/showthread.php?t=49094

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver

On 12/18/2013 03:14 PM, rrawson wrote:
>
> Has any progress been made on this bug? I am running into the same
> issue...
>
>

Greetings Rob,
I would utilize the suggestion for Shon and use the Role Request
activity in a WF. Then use the do-start-workflow action instead.
As for the bug, I can not comment on the status of it, since it is
not a User Application bug.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
TE Super Contributor.
Super Contributor.

Re: Assign Role to Group in a driver


rrawson;238358 Wrote:
> Has any progress been made on this bug? I am running into the same
> issue...


Let's see. Rob posted this on 18-Dec-2013.

Here it is, August 4th, 2015, and it is still not fixed.

Has anybody filed a bug on this?


--
tse7147
------------------------------------------------------------------------
tse7147's Profile: https://forums.netiq.com/member.php?userid=466
View this thread: https://forums.netiq.com/showthread.php?t=49094

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver

On 08/04/2015 03:04 PM, tse7147 wrote:
>
> rrawson;238358 Wrote:
>> Has any progress been made on this bug? I am running into the same
>> issue...

>
> Let's see. Rob posted this on 18-Dec-2013.
>
> Here it is, August 4th, 2015, and it is still not fixed.
>
> Has anybody filed a bug on this?
>
>

Greetings,

1) It was outlined in this thread on 30-October-2013 that a bug was
logged and the number was provided.

2) The fix is available only in IDM 4.5


--

Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Knowledge Partner
Knowledge Partner

Re: Assign Role to Group in a driver

On 8/5/2015 10:28 AM, Steven Williams wrote:
> On 08/04/2015 03:04 PM, tse7147 wrote:
>>
>> rrawson;238358 Wrote:
>>> Has any progress been made on this bug? I am running into the same
>>> issue...

>>
>> Let's see. Rob posted this on 18-Dec-2013.
>>
>> Here it is, August 4th, 2015, and it is still not fixed.
>>
>> Has anybody filed a bug on this?
>>
>>

> Greetings,
>
> 1) It was outlined in this thread on 30-October-2013 that a bug was
> logged and the number was provided.
>
> 2) The fix is available only in IDM 4.5


Tim was testing this on IDM 4.5.0.2, using Designer 4.5.1.


0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Assign Role to Group in a driver

On 08/05/2015 10:33 AM, Geoffrey Carman wrote:
> On 8/5/2015 10:28 AM, Steven Williams wrote:
>> On 08/04/2015 03:04 PM, tse7147 wrote:
>>>
>>> rrawson;238358 Wrote:
>>>> Has any progress been made on this bug? I am running into the same
>>>> issue...
>>>
>>> Let's see. Rob posted this on 18-Dec-2013.
>>>
>>> Here it is, August 4th, 2015, and it is still not fixed.
>>>
>>> Has anybody filed a bug on this?
>>>
>>>

>> Greetings,
>>
>> 1) It was outlined in this thread on 30-October-2013 that a bug was
>> logged and the number was provided.
>>
>> 2) The fix is available only in IDM 4.5

>
> Tim was testing this on IDM 4.5.0.2, using Designer 4.5.1.
>
>

Greetings,
Then what is the issue/problem being seen? I would think this should
be opened in a new thread...

What I will say, make sure that the correct entity type is being passed
for the "add/revoke" action or else it will still fail with a code 80.

Meaning, if you set that it should be GROUP_TO_ROLE and you pass a
"user" then it will fail.


Therefore, the role-assignment-type must exactly match the "Identity"
being passed. This can not be dynamic.


--

Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Knowledge Partner
Knowledge Partner

Re: Assign Role to Group in a driver

On 8/5/2015 10:43 AM, Steven Williams wrote:
> On 08/05/2015 10:33 AM, Geoffrey Carman wrote:
>> On 8/5/2015 10:28 AM, Steven Williams wrote:
>>> On 08/04/2015 03:04 PM, tse7147 wrote:
>>>>
>>>> rrawson;238358 Wrote:
>>>>> Has any progress been made on this bug? I am running into the same
>>>>> issue...
>>>>
>>>> Let's see. Rob posted this on 18-Dec-2013.
>>>>
>>>> Here it is, August 4th, 2015, and it is still not fixed.
>>>>
>>>> Has anybody filed a bug on this?
>>>>
>>>>
>>> Greetings,
>>>
>>> 1) It was outlined in this thread on 30-October-2013 that a bug was
>>> logged and the number was provided.
>>>
>>> 2) The fix is available only in IDM 4.5

>>
>> Tim was testing this on IDM 4.5.0.2, using Designer 4.5.1.
>>
>>

> Greetings,
> Then what is the issue/problem being seen? I would think this should
> be opened in a new thread...
>
> What I will say, make sure that the correct entity type is being passed
> for the "add/revoke" action or else it will still fail with a code 80.
>
> Meaning, if you set that it should be GROUP_TO_ROLE and you pass a
> "user" then it will fail.
>
>
> Therefore, the role-assignment-type must exactly match the "Identity"
> being passed. This can not be dynamic.


Can you go into designer, generate a Do-Add-Role token and show us whta
the XML should look like?

I think this is a Designer bug personally.

I just went in, set values with variables. The Role Assignment
defaulted in the UI to USER_TO_ROLE and i get this XML:
<do-add-role id="$UA-ADMIN$" role-id="$ROLE-DN$" time-out="60000"
url="$UA-URL$">
<arg-password>
<token-text xml:space="preserve">$ADMIN-PWD$</token-text>
</arg-password>
<arg-string name="description">
<token-text xml:space="preserve">Test</token-text>
</arg-string>
<arg-string name="role-assignment-type"/>
</do-add-role>

I think the last line is the issue.

<arg-string name="role-assignment-type"/>

When I use the UI and specify a non-default like GROUP_TO_ROLE I get:

<arg-string name="role-assignment-type">
<token-text xml:space="preserve">GROUP_TO_ROLE</token-text>
</arg-string>

Now if I switch it back to USER_TO_ROLE I get:

<do-add-role id="$UA-ADMIN$" role-id="$ROLE-DN$" time-out="60000"
url="$UA-URL$">
<arg-password>
<token-text xml:space="preserve">$ADMIN-PWD$</token-text>
</arg-password>
<arg-string name="description">
<token-text xml:space="preserve">Test</token-text>
</arg-string>
<arg-string name="role-assignment-type">
<token-text xml:space="preserve">USER_TO_ROLE</token-text>
</arg-string>
</do-add-role>

So it is a simple Designer bug on how it implements the default value.


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.