Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
324 views

Removal of all Roles, resourses and entitlements


Hi,

maybe this should be asked in the enging side, not sure.

When a user is made Inactive we want to simply remove all Roles,
Resources and Entitlements.
I think this is easiest to do in a null driver but if I would use the
"Remove Role" token I need to do a "for each" over every role as well as
having to get the correct LDAP dn translation etc. Doable and correct.
Wan just wondering what the diffrence would be to just "Clear" the
affected attributes, DirXML-EntitlementRef, nrfMemberOf, nrf
AssignedRoles, nrfAssignedResources. As I understand it we miss the
logging function of the UA and the nrfResourceHistory attribute will not
be updated but is there anything else?


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=47497

Labels (1)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: Removal of all Roles, resourses and entitlements

On 4/8/2013 10:14 AM, joakim ganse wrote:
>
> Hi,
>
> maybe this should be asked in the enging side, not sure.
>
> When a user is made Inactive we want to simply remove all Roles,
> Resources and Entitlements.
> I think this is easiest to do in a null driver but if I would use the
> "Remove Role" token I need to do a "for each" over every role as well as
> having to get the correct LDAP dn translation etc. Doable and correct.
> Wan just wondering what the diffrence would be to just "Clear" the
> affected attributes, DirXML-EntitlementRef, nrfMemberOf, nrf
> AssignedRoles, nrfAssignedResources. As I understand it we miss the
> logging function of the UA and the nrfResourceHistory attribute will not
> be updated but is there anything else?


The RRSD is the driver that sees an nrfRequest object to remove each
Role. It then goes out and does its magic. But I am not sure if it
just clears the attributes, or looks deeper down the tree for inherited
roles that have been made more static.

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Removal of all Roles, resourses and entitlements

On 04/08/2013 10:14 AM, joakim ganse wrote:
>
> Hi,
>
> maybe this should be asked in the enging side, not sure.
>
> When a user is made Inactive we want to simply remove all Roles,
> Resources and Entitlements.
> I think this is easiest to do in a null driver but if I would use the
> "Remove Role" token I need to do a "for each" over every role as well as
> having to get the correct LDAP dn translation etc. Doable and correct.
> Wan just wondering what the diffrence would be to just "Clear" the
> affected attributes, DirXML-EntitlementRef, nrfMemberOf, nrf
> AssignedRoles, nrfAssignedResources. As I understand it we miss the
> logging function of the UA and the nrfResourceHistory attribute will not
> be updated but is there anything else?
>
>

Greetings,
The proper way to handle this would be to look over each and remove.
Otherwise you may not have proper matching between the objects.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Removal of all Roles, resourses and entitlements


Thanks, I will do it the proper way then 😉


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=47497

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Removal of all Roles, resourses and entitlements


Just found out I need to for each over nrfMemberOf, otherwhise I miss
some roles.
It would be useful with a new token "Clear all roles", might suggest it.


--
joakim_ganse
------------------------------------------------------------------------
joakim_ganse's Profile: https://forums.netiq.com/member.php?userid=159
View this thread: https://forums.netiq.com/showthread.php?t=47497

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.