afolli Absent Member.
Absent Member.
304 views

Fighting with rights


Hi all,
I'm getting crazy looking for the right way to setup rights on the
User Application.

I have defined multiple Provisioning Request Definitions that must be
visible to a subset of users only. For that, I have added some groups to
the trustee rights of the PRDs and I have removed public rights on the
DriverSet's subtree. This ensures that users only see the requests they
have rights to.

One of the Provisioning Request Definitions is used to request roles on
the User Application and roles have an associated approval workflow.
When a user request a role, three records are added to the section
'Request Status' of the Work Dashboard. The first record corresponds to
the PRD (the status is set to 'Completed:Approved') and the user can
view details and comments of this request. The second record corresponds
to the approval workflow and the user is able to check the approval
status of his request.

The last record corresponds to the role assignment. When the user click
on it, he receives the error message "An error occurred retrieving the
request details:An error occurred processing the request. (You don't
have access to view the details of the request status.)". If I do not
remove public rights on the DriverSet's subtree, the user will not
receive the error and can check the status of the Role Assignment
Request.

How can I get rid of this error without assigning public rights
directly to the container
Requests.RoleConfig.AppConfig.UserApplication.DriverSet.Services.Tree ?
Otherwise, am I using the wrong approach to manage PRD's visibility? Any
suggestion will be appreciated.

Thanks. Best regards,

Alessandro


--
afolli
------------------------------------------------------------------------
afolli's Profile: http://forums.novell.com/member.php?userid=6964
View this thread: http://forums.novell.com/showthread.php?t=449392

Labels (1)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Fighting with rights

On 12/09/2011 11:06 AM, afolli wrote:
>
> Hi all,
> I'm getting crazy looking for the right way to setup rights on the
> User Application.
>
> I have defined multiple Provisioning Request Definitions that must be
> visible to a subset of users only. For that, I have added some groups to
> the trustee rights of the PRDs and I have removed public rights on the
> DriverSet's subtree. This ensures that users only see the requests they
> have rights to.
>
> One of the Provisioning Request Definitions is used to request roles on
> the User Application and roles have an associated approval workflow.
> When a user request a role, three records are added to the section
> 'Request Status' of the Work Dashboard. The first record corresponds to
> the PRD (the status is set to 'Completed:Approved') and the user can
> view details and comments of this request. The second record corresponds
> to the approval workflow and the user is able to check the approval
> status of his request.
>
> The last record corresponds to the role assignment. When the user click
> on it, he receives the error message "An error occurred retrieving the
> request details:An error occurred processing the request. (You don't
> have access to view the details of the request status.)". If I do not
> remove public rights on the DriverSet's subtree, the user will not
> receive the error and can check the status of the Role Assignment
> Request.
>
> How can I get rid of this error without assigning public rights
> directly to the container
> Requests.RoleConfig.AppConfig.UserApplication.DriverSet.Services.Tree ?
> Otherwise, am I using the wrong approach to manage PRD's visibility? Any
> suggestion will be appreciated.
>
> Thanks. Best regards,
>
> Alessandro
>
>

Greetings,
You need to use Inherited Rights Filter (IRF). Keep in mind, that
the Request Status area shows the following kinds of Requests:

Workflows
Roles
Resources

In the case you have outlined, the recipient does not have rights to
view Role Requests

--
Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
afolli Absent Member.
Absent Member.

Re: Fighting with rights


That was obvious. Based on your response I assume that this is the
correct approach to manage rights and PRDs availability.

Thanks for your answer. Best regards,

Alessandro

exteNdSupport;2160095 Wrote:
>
>
> Greetings,
> You need to use Inherited Rights Filter (IRF). Keep in mind, that
> the Request Status area shows the following kinds of Requests:
>
> Workflows
> Roles
> Resources
>
> In the case you have outlined, the recipient does not have rights to
> view Role Requests
>
> --
> Sincerely,
> Steven Williams
> Lead Software Engineer
> NetIQ



--
afolli
------------------------------------------------------------------------
afolli's Profile: http://forums.novell.com/member.php?userid=6964
View this thread: http://forums.novell.com/showthread.php?t=449392

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.