Anonymous_User Absent Member.
Absent Member.
118 views

Managing Inherited Resources


Does UserApp have a mechanism built in for maintaining integrity of
inherited resources? In our design we are assigning resources to a
role, thereby giving the resource to all members of the role. Well, if
the user is removed from the resource manually but still exists in the
role that grants the resource, does UserApp at some point re-add the
resource to the user? In my testing I do not see that happening but I
don't know if there is a timer setting somewhere that triggers this kind
of event at some point.

-Mike


--
mkijewsk
------------------------------------------------------------------------
mkijewsk's Profile: https://forums.netiq.com/member.php?userid=2181
View this thread: https://forums.netiq.com/showthread.php?t=49240

Labels (1)
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Managing Inherited Resources

On 11/15/2013 02:49 PM, mkijewsk wrote:
>
> Does UserApp have a mechanism built in for maintaining integrity of
> inherited resources? In our design we are assigning resources to a
> role, thereby giving the resource to all members of the role. Well, if
> the user is removed from the resource manually but still exists in the
> role that grants the resource, does UserApp at some point re-add the
> resource to the user? In my testing I do not see that happening but I
> don't know if there is a timer setting somewhere that triggers this kind
> of event at some point.
>
> -Mike
>
>

Greetings Mike,
No. Also, there is a section in the User Guide that talks about
different way that you can be revoked from the Resource.


--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Managing Inherited Resources


It would be interesting to know why integrity is not managed for
resources as it is for roles. If I am going to assigning resources
based on managed role membership, then I need to make sure that everyone
that is in the managed role has the resource granted. I suppose I can
create a workflow that is triggered by an IDM driver
(nrfResourceMembership changing), that will put the resource back on an
account if it is granted by a role membership. This along with removing
rights for manually adding or removing resources should solve the
problem.

But, this is a lot of core functionality work IMHO. Resources should be
"managed" by UA if they are assigned to a role. Where am I wrong here?


--
mkijewsk
------------------------------------------------------------------------
mkijewsk's Profile: https://forums.netiq.com/member.php?userid=2181
View this thread: https://forums.netiq.com/showthread.php?t=49240

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.