kuronen Super Contributor.

Parallel role removals

I have 2 role definitions, both having an AD resource which enables an AD entitlement. I have a user with both roles assigned.

When I removed one of the two roles from the user, I assumed the user's AD entitlement would stay intact, but that was not the case. The AD entitlement was removed when a role with the AD resource was removed, even though the user was left with another role with the AD resource. Is this normal behavior? Can it be changed?

pdeneu Super Contributor.

Re: Parallel role removals

Hey, this isn't normal behavior. The role inheritance should preserve the entitlement assignment.

Are both roles referenced to the same resource?


--
https://www.lanworks.de
kuronen Super Contributor.

Re: Parallel role removals

Yes, there is only one AD entitlement resource for now. Hopefully the patch will make it work.
Knowledge Partner

Re: Parallel role removals

Check your Role and resource driver.

A level 3 trace will give you a clue on what is going on.

Micro Focus Expert

Re: Parallel role removals

Are you on the latest RRSD version?

There have been bug fixes regarding overlapping roles: https://www.netiq.com/documentation/identity-manager-47-drivers/RRSDriver4730readme/data/RRSDriver4730readme.html

 

kuronen Super Contributor.

Re: Parallel role removals

Driver ID: ROLESVC
Driver version: 4.7.0.0

Based on the iManager version discovery tool, I am in need of an update. Thanks for the heads up.

Knowledge Partner

Re: Parallel role removals

I've seen this, but not recently. I seem to recall that it was a bug of the RRSD driver in the way it recalculated what should be assigned on a role-revoke. What version of IDM (engine) and RRSD driver are you running?
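
A simplified model of the recalculation question raised in this thread, added as an example and not taken from the RRSD driver or from any poster. Role, resource and user names are constructed; `revoke_naive` only reproduces the symptom from the first post and is not a description of the driver's internals, while `audit` lists users whose current roles should grant a resource they no longer hold.

```python
# Assumption: each role references a set of resources, and a resource
# grants one entitlement. All names below are constructed sample data.
ROLE_RESOURCES = {
    "RoleA": {"AD-Account"},
    "RoleB": {"AD-Account"},   # overlaps with RoleA on the same resource
    "RoleC": {"Mail-Box"},
}


def resources_for(roles):
    """Union of the resources granted by a set of roles."""
    granted = set()
    for role in roles:
        granted |= ROLE_RESOURCES.get(role, set())
    return granted


def revoke_naive(user_roles, role):
    """Revoke every resource of the removed role, ignoring the other roles.
    This reproduces the symptom reported in the first post."""
    remaining = set(user_roles) - {role}
    return remaining, set(ROLE_RESOURCES.get(role, set()))


def revoke_recalculated(user_roles, role):
    """Revoke only the resources that no remaining role still grants."""
    remaining = set(user_roles) - {role}
    revoked = ROLE_RESOURCES.get(role, set()) - resources_for(remaining)
    return remaining, revoked


def audit(assignments, actual_resources):
    """Return {user: [missing resources]} for users whose current roles
    should grant a resource that is absent from their actual resources."""
    findings = {}
    for user, roles in assignments.items():
        missing = resources_for(roles) - actual_resources.get(user, set())
        if missing:
            findings[user] = sorted(missing)
    return findings


if __name__ == "__main__":
    print(revoke_naive({"RoleA", "RoleB"}, "RoleA"))
    print(revoke_recalculated({"RoleA", "RoleB"}, "RoleA"))
    print(audit({"user1": {"RoleB"}}, {"user1": set()}))
```

Running `audit` over exported role assignments and actual resource assignments before and after a driver update shows which users need their entitlement restored.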

 
