Cadet 3rd Class
Cadet 3rd Class

Minimum permissions needed for reading [pseudo].Member


  We have eDirectory 9.0.4 and IDM 4.6.2. In one of the drivers, we set Engine Control Values of "Revert to calculated membership value behavior" to False and for reading the nested parent group "Member" values we query [pseudo].Member in one of the policies. It works when the account used in the driver has "Supervisor" permissions in the ACL. But when it changed to just read permissions on "Member", "GroupMember" and "Group Membership" attributes on all users and Groups, it is returning empty results. It is able to read (static) members of the group, but not the nested group members ([pseudo].Member). Any idea what is the minimum permissions needed in the ACL to read nested group's calculated  "Member" values ([pseudo].Member)?




Labels (1)
0 Replies
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.