vkhoury
New Member.
584 views

Use Entitlement in Role

I am using IDM 4.7. I want to create a role in Designer and Assign an entitlement to this role.
I created a business role in Designer but when trying to deploy it to eDirectory I have the following Error: The object Group3 contains one or more validation errors. Please see Project Checker view.
When i run the Project checker i have the following:No operation to display at this time.
There is no errors in ht User Application Driver Trace file.
I've tried to add the role using the User Application and sync it back to Designer. It works fine.
I can't find a way to troubleshoot or solve this issue.
Any ideas?
Labels (1)
0 Likes
8 Replies
Knowledge Partner
Knowledge Partner

Re: Use Entitlement in Role

On 11/12/2018 9:16 AM, vkhoury wrote:
>
> I am using IDM 4.7. I want to create a role in Designer and Assign an
> entitlement to this role.
> I created a business role in Designer but when trying to deploy it to
> eDirectory I have the following Error: The object Group3 contains one or
> more validation errors. Please see Project Checker view.
> When i run the Project checker i have the following:No operation to
> display at this time.
> There is no errors in ht User Application Driver Trace file.
> I've tried to add the role using the User Application and sync it back
> to Designer. It works fine.
> I can't find a way to troubleshoot or solve this issue.


Entitlements used to be assignable to roles, in the past. BUt in 4.7 or
maybe 4.6 they removed that ability. Now you have to assign the
Entitlement to a Resource, and then associate a Resource to a Role.

A bit annoying, and a possible issue you might be ssing.



0 Likes
vkhoury
New Member.

Re: Use Entitlement in Role

geoffc;2490576 wrote:
On 11/12/2018 9:16 AM, vkhoury wrote:
>
> I am using IDM 4.7. I want to create a role in Designer and Assign an
> entitlement to this role.
> I created a business role in Designer but when trying to deploy it to
> eDirectory I have the following Error: The object Group3 contains one or
> more validation errors. Please see Project Checker view.
> When i run the Project checker i have the following:No operation to
> display at this time.
> There is no errors in ht User Application Driver Trace file.
> I've tried to add the role using the User Application and sync it back
> to Designer. It works fine.
> I can't find a way to troubleshoot or solve this issue.


Entitlements used to be assignable to roles, in the past. BUt in 4.7 or
maybe 4.6 they removed that ability. Now you have to assign the
Entitlement to a Resource, and then associate a Resource to a Role.

A bit annoying, and a possible issue you might be ssing.


Okay i got that now. After creating a Resource in Designer i realized that the entitlement assignment is read only and that it could be only assigned using the user application.
But the Entitlements created in Designer cannot be browsed in User app.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Use Entitlement in Role

vkhoury wrote:

>
>
> But the Entitlements created in Designer cannot be browsed in User app.


You need the drivers running and to run a code-map-refresh so that UA knows
about the entitlments and how they are configured.

--
If you find this post helpful, and are viewing this using the web, please show
your appreciation by clicking on the star below
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
vkhoury
New Member.

Re: Use Entitlement in Role

I tried to run the code-map-refresh but i still have the same issue.
The error is as follows: Error: No Entitlements were found. You either do not have permission to bind to entitlements or have not configured entitlements for resource mapping. Please see documentation for further details.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Use Entitlement in Role

On 11/13/2018 9:44 AM, vkhoury wrote:
>
> I tried to run the code-map-refresh but i still have the same issue.
> The error is as follows: Error: No Entitlements were found. You either
> do not have permission to bind to entitlements or have not configured
> entitlements for resource mapping. Please see documentation for further
> details.


If you can find the documentation on this, I would be very happy. This
is an aspect of the product that I think is very weakly documented.
Alas. Read my article on the topic for more info.

Short answer to actually be helpful instead of just complaining...

You probably do not have an EntitlementConfiguration object in any of
your drivers. Look for (&(objectclass=DirXML-Resource)(cn=entitle*))

Should have one per driver with Entitlements. If not, figure out why
not. NetIQ delivered packages include policies that generate these on
the fly.
0 Likes
vkhoury
New Member.

Re: Use Entitlement in Role

I found this article useful: https://www.netiq.com/communities/cool-solutions/adding-new-custom-entitlements-driver-getting-work/
What i did is add the loopback entitlement package to the loopback driver containing the entitlement.
Then i added the entitlement to the PermissionNameToFile.
Finally, run the code-map-refresh in UA and Entitlements will appear in UA.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Use Entitlement in Role

On 11/14/2018 6:24 AM, vkhoury wrote:
>
> I found this article useful:
> https://www.netiq.com/communities/cool-solutions/adding-new-custom-entitlements-driver-getting-work/


David who wrote that is my coworker.

> What i did is add the loopback entitlement package to the loopback
> driver containing the entitlement.


This is a nice package as it basically enanles Group entitlements in the
IDV. Which is oddly useful, and oddly was missed for a long time.

> Then i added the entitlement to the PermissionNameToFile.
> Finally, run the code-map-refresh in UA and Entitlements will appear in
> UA.


Great.

0 Likes
Knowledge Partner
Knowledge Partner

Re: Use Entitlement in Role

On 11/13/2018 8:36 AM, vkhoury wrote:
>
> geoffc;2490576 Wrote:
>> On 11/12/2018 9:16 AM, vkhoury wrote:
>>>
>>> I am using IDM 4.7. I want to create a role in Designer and Assign an
>>> entitlement to this role.
>>> I created a business role in Designer but when trying to deploy it to
>>> eDirectory I have the following Error: The object Group3 contains one

>> or
>>> more validation errors. Please see Project Checker view.
>>> When i run the Project checker i have the following:No operation to
>>> display at this time.
>>> There is no errors in ht User Application Driver Trace file.
>>> I've tried to add the role using the User Application and sync it

>> back
>>> to Designer. It works fine.
>>> I can't find a way to troubleshoot or solve this issue.

>>
>> Entitlements used to be assignable to roles, in the past. BUt in 4.7 or
>> maybe 4.6 they removed that ability. Now you have to assign the
>> Entitlement to a Resource, and then associate a Resource to a Role.
>>
>> A bit annoying, and a possible issue you might be ssing.

>
> Okay i got that now. After creating a Resource in Designer i realized
> that the entitlement assignment is read only and that it could be only
> assigned using the user application.
> But the Entitlements created in Designer cannot be browsed in User app.


Ah, you want the whole story... I suggest you read some of this article:

A friend at NetIQ wrote this about how to add support to oler drivers.
http://www.novell.com/communities/node/9702/convert-driver-entitlements-new-rbpm-37-resource-model

I then looked at the policies he included to see WHAT and WHY it was
doing and needed.

http://www.novell.com/communities/node/11558/converting-entitlements-resources-more-details

This second one is useful.

Short version:
UA looks for all DirXMl-Drivers, then under it for an object named
EntitlementConfiguration then parses the XML to learn what entitlements
are supported.

There is a query UA will inject into the driver, if it is a query valued
entitlement and that list is retrieved during a code map refresh.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.