Highlighted
Trusted Contributor.
Trusted Contributor.
265 views

Resource revocation with multiple entitlement values

Jump to solution

Hi,

We are having the following issue with the resource assignment.

We have a resource with multiple entitlement values, we create this resource with the SOAP Endpoint.  (this because in the idmadmin portal we cannot longer create 1 resource with multiple entitlements values)

When we assign this resource to a user, it actually works, and we can see multiple DirXML-EntitlementRef values and multiple nrfAssignedResources values but the problem comes when we revoked the resource, the Role and Resource Service Drivers clear all the nrfAssignedResources(which is expected) but the DirXML-EntitlementRef instead of update all the values to a revoked status (#0#) it clears all the values and only keeps 1 DirXML-EntitlementRef with a #0# status.

any ideas?

 

eDirectory: 9.2 v40201.39

IDM: 4.7.3.0

Identity Apps: 4.7.3

Role and Resource Service Driver: 4.7.0.20180213164852

Labels (1)
1 Solution

Accepted Solutions
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Resource revocation with multiple entitlement values

Jump to solution

We open a SR and they confirmed that is a deprecated function.

This ability was deprecated, and was removed in IDM 4.7 and newer. When confirming with Development, the statement received back was: "It is not supported. One resource should be mapped to one entitlement"

View solution in original post

0 Likes
6 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Resource revocation with multiple entitlement values

Jump to solution

I would update the RRSD shim to 4.7.4 first (https://www.netiq.com/documentation/identity-manager-47-drivers/). But it seems your issue is not in the list of software fixes. So you'll probably need to create a service reqeust.

--
Norbert
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Resource revocation with multiple entitlement values

Jump to solution

We upgrade to IDM Engine and Identity Apps 4.7.4, RRSD shim 4.7.4 and package 4.7.4.20200213121256 and still not working.

We will open a SR.

Keep posted.

0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Resource revocation with multiple entitlement values

Jump to solution

I don't think you'll ever get this to work.

The Role model is [role]1->*[role]1->1[resource(entitlement)] (not very good at showing this in text). That you where able to create this resource using soap is probably down to an bug in the soap-endpoint.

I'd suggest to use roles (one role multiple resources), as that will work.

Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Resource revocation with multiple entitlement values

Jump to solution

I am seeing this issue more like a deprecated function, because in the IDMProv (prior to the 4.7.3 version) it was supported that in the interface you can create a resource and map 1 entitlement with many values.

I attach the evidence.

testresource.png

Highlighted
Trusted Contributor.
Trusted Contributor.

Re: Resource revocation with multiple entitlement values

Jump to solution

We open a SR and they confirmed that is a deprecated function.

This ability was deprecated, and was removed in IDM 4.7 and newer. When confirming with Development, the statement received back was: "It is not supported. One resource should be mapped to one entitlement"

View solution in original post

0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Re: Resource revocation with multiple entitlement values

Jump to solution

Strange, I never noticed that you could have multiple entitlement values in IDMProv.

That they have deprecated this out of the blue is ... as it will break some implementations (like yours).

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.