Highlighted
Honored Contributor.
Honored Contributor.
410 views

Parallel role removals

I have 2 role definitions both having AD resource which enables AD entitlement. I have a user with both roles assigned.

When I remove one of the two roles from the user I assumed user's AD entitlement is intact but that was not the case. AD entitlement was removed when a role with AD resource is removed even when user is left with another role with AD resource. Is this normal behavior? Can it be changed?

__________
Pekka Kuronen
Pegasi Oy / pegasi.fi
Labels (2)
0 Likes
6 Replies
Highlighted
Super Contributor.
Super Contributor.

Hey, this isnt a normal behaivor. The role inheritance should preserve the entitlement assigment.

Are both roles referenced to the same resource?


--
https://www.lanworks.de
0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

Yes there is only one AD entitlement resource for now. Hopefully the patch will make it work.
__________
Pekka Kuronen
Pegasi Oy / pegasi.fi
Highlighted
Knowledge Partner
Knowledge Partner

Check your Role and resource driver.

A level 3 trace will give you a clue on what is going on.

Highlighted
Micro Focus Expert
Micro Focus Expert

Are you on the latest RRSD version?

There have been bug fixes regarding overlapping roles: https://www.netiq.com/documentation/identity-manager-47-drivers/RRSDriver4730readme/data/RRSDriver4730readme.html

 

--
Norbert
Highlighted
Honored Contributor.
Honored Contributor.

Driver ID: ROLESVC
Driver version: 4.7.0.0

Based on iManager version discovery tool I am need of update. Thanks for the heads up.

__________
Pekka Kuronen
Pegasi Oy / pegasi.fi
Highlighted
Knowledge Partner
Knowledge Partner

I've seen this, but not recently. I seem to recall that it was a bug of the RRSD driver in the way it recalculated what should be assigned on a role-revoke. What version of IDM (engine) and RRSD driver are you running?

 

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.