jwilleke Trusted Contributor.
Trusted Contributor.
122 views

Is there a good method to issue an Roles and or Entitlements to a group of pre-existing users?

As Geoff points out in his articale,
http://www.novell.com/communities/node/13433/walking-through-idm-4-google-apps-driver-part-2;

"... although you may require an Entitlement to get a new account,
often the horses are well out of the barn and even though you want to
use entitlements, you need to match existing users, even if they do not
have the entitlement since it is much better to control them going
forward than to leave them stranded."

So when you are implementing entitlements for the first time in a
driver, can you add the Role or Entitlment to a set of users that match
an LDAP Filter, as an example?

This would sure make coding drivers much better as to not have to deal
the "old" and the Entitlement based provisioning and de-provisioning
code.

--

Thank You for your help!

-jim
Jim Willeke

Labels (1)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Is there a good method to issue an Roles and or Entitlementsto a group of pre-existing users?

How about a trigger job on a null driver scoped with a dynamic group that calls an Add Role PRD?
Then you can adjust the dynamic group to be whatever you want.

On 3/4/2012 4:28 AM, Jim Willeke wrote:
> As Geoff points out in his articale,
> http://www.novell.com/communities/node/13433/walking-through-idm-4-google-apps-driver-part-2;
> "... although you may require an Entitlement to get a new account, often the horses are well out of
> the barn and even though you want to use entitlements, you need to match existing users, even if
> they do not have the entitlement since it is much better to control them going forward than to leave
> them stranded."
>
> So when you are implementing entitlements for the first time in a driver, can you add the Role or
> Entitlment to a set of users that match an LDAP Filter, as an example?
>
> This would sure make coding drivers much better as to not have to deal the "old" and the Entitlement
> based provisioning and de-provisioning code.
>


0 Likes
Knowledge Partner
Knowledge Partner

Re: Is there a good method to issue an Roles and or Entitlementsto a group of pre-existing users?

On 3/6/2012 12:25 PM, Will Schneider wrote:
> How about a trigger job on a null driver scoped with a dynamic group
> that calls an Add Role PRD?
> Then you can adjust the dynamic group to be whatever you want.


In other words, sort of reinvent the ESD/RRSD driver again. 🙂


> On 3/4/2012 4:28 AM, Jim Willeke wrote:
>> As Geoff points out in his articale,
>> http://www.novell.com/communities/node/13433/walking-through-idm-4-google-apps-driver-part-2;
>>
>> "... although you may require an Entitlement to get a new account,
>> often the horses are well out of
>> the barn and even though you want to use entitlements, you need to
>> match existing users, even if
>> they do not have the entitlement since it is much better to control
>> them going forward than to leave
>> them stranded."
>>
>> So when you are implementing entitlements for the first time in a
>> driver, can you add the Role or
>> Entitlment to a set of users that match an LDAP Filter, as an example?
>>
>> This would sure make coding drivers much better as to not have to deal
>> the "old" and the Entitlement
>> based provisioning and de-provisioning code.
>>

>


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.