Issue with delegated role management in UA 4.7.2

We delegate role membership management through the use of administrator assignments. A new administrator assignment is created in the role domain and an eDirectory group is assigned. The following six permissions are given for the role to be managed:
Revoke Role From User
Report on Role
Assign Role To User
Revoke Role From Group and Container
View Role
Assign Role To Group and Container

We assign users to these eDirectory groups so that they can manage the appropriate roles. This worked fine in UA4.6 IDMProv, because the following roles were able to access the roles tab:
Security Administrator
Resource Manager
Role Manager
Role Administrator
Resource Administrator

In UA4.7.2 IDMDash, this does not work. The only roles that can Assign Roles are Security Administrator and Provisioning Administrator. These trustees can not be modified.

How are we supposed to delegate role management?
Labels (1)
1 Reply

I created a new client and this issue went away.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.