Anonymous_User Absent Member.
Absent Member.
255 views

User App 4.5 - Role Catalog - Relocating request placement


When we assign roles (to users/groups/containers) in User App 4.5 /
Roles and Resources tab / Role Catalog, by default all the (role)
requests are created in User App (i.e.,
cn=Requests,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet...)
If the Roles have associated resources, the corresponding resource
requests are also created in User App (i.e.,
cn=ResourceRequests,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet...)

Questions:

A. If there are many such (role/resource) requests, the size of the User
App driver will grow a lot. Would it be an issue in the long run?

B. If question A's answer is yes, can we relocate the requests (during
creation) in other places outside the user app (e.g.,
cn=Requests,ou=C,ou=B,ou=A,o=MyCompany), if yes, how?

Thanks a lot in advance for your time and reply.


--
samiranmd
------------------------------------------------------------------------
samiranmd's Profile: https://forums.netiq.com/member.php?userid=11549
View this thread: https://forums.netiq.com/showthread.php?t=55481

Labels (1)
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: User App 4.5 - Role Catalog - Relocating request placement

samiranmd <samiranmd@no-mx.forums.microfocus.com> wrote:
>
>
> A. If there are many such (role/resource) requests, the size of the User

App driver will grow a lot. Would it be an issue in the long run?

If it was a reality issue, the vendor would have come up with an
alternative solution. Like they have done with associations. In idm 4.5 you
can chose to switch to another type of association which scales better once
you get up to really large numbers of identities (not exactly sure where
the point is where this becomes a problem, think it is somewhere around
5-10 million identities.

>
> B. If question A's answer is yes, can we relocate the requests (during

creation) in other places outside the user app (e.g.,
cn=Requests,ou=C,ou=B,ou=A,o=MyCompany), if yes, how?
>


I don't believe this is supported or a good idea.

--
If you find this post helpful and are logged into the web interface, show
your appreciation and click on the star below...
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User App 4.5 - Role Catalog - Relocating request placement

On 3/7/16 4:20 AM, Alex Mchugh wrote:
> samiranmd <samiranmd@no-mx.forums.microfocus.com> wrote:
>>
>>
>> A. If there are many such (role/resource) requests, the size of the User

> App driver will grow a lot. Would it be an issue in the long run?
>
> If it was a reality issue, the vendor would have come up with an
> alternative solution. Like they have done with associations. In idm 4.5 you
> can chose to switch to another type of association which scales better once
> you get up to really large numbers of identities (not exactly sure where
> the point is where this becomes a problem, think it is somewhere around
> 5-10 million identities.
>
>>
>> B. If question A's answer is yes, can we relocate the requests (during

> creation) in other places outside the user app (e.g.,
> cn=Requests,ou=C,ou=B,ou=A,o=MyCompany), if yes, how?
>>

>
> I don't believe this is supported or a good idea.
>

Greetings,
It is not possible to change where Role and Resource definitions,
Associations, and Role/Resource Requests are contained.

There is a setting on the Role and Resource Service driver that
outlines how long to keep "completed" requests. The default value is
seven (7) days. Which means that once a request for a Role or Resource
has completed (either successfully or with failure) and it is more then
seven days old, the clean-up thread will remove it.


This is similar to the clean-up thread for completed workflows.

--
Sincerely,
Steven Williams
Lead Software Engineer
Micro Focus
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: User App 4.5 - Role Catalog - Relocating request placement


Steven Williams;265805 Wrote:
> On 3/7/16 4:20 AM, Alex Mchugh wrote:
> > samiranmd <samiranmd@no-mx.forums.microfocus.com> wrote:
> >>
> >>
> >> A. If there are many such (role/resource) requests, the size of the

> User
> > App driver will grow a lot. Would it be an issue in the long run?
> >
> > If it was a reality issue, the vendor would have come up with an
> > alternative solution. Like they have done with associations. In idm

> 4.5 you
> > can chose to switch to another type of association which scales better

> once
> > you get up to really large numbers of identities (not exactly sure

> where
> > the point is where this becomes a problem, think it is somewhere

> around
> > 5-10 million identities.
> >
> >>
> >> B. If question A's answer is yes, can we relocate the requests

> (during
> > creation) in other places outside the user app (e.g.,
> > cn=Requests,ou=C,ou=B,ou=A,o=MyCompany), if yes, how?
> >>

> >
> > I don't believe this is supported or a good idea.
> >

> Greetings,
> It is not possible to change where Role and Resource definitions,
> Associations, and Role/Resource Requests are contained.
>
> There is a setting on the Role and Resource Service driver that
> outlines how long to keep "completed" requests. The default value is
> seven (7) days. Which means that once a request for a Role or Resource
> has completed (either successfully or with failure) and it is more then
> seven days old, the clean-up thread will remove it.
>
>
> This is similar to the clean-up thread for completed workflows.
>
> --
> Sincerely,
> Steven Williams
> Lead Software Engineer
> Micro Focus



Thank you very much guys for your prompt and valuable reply. My
confusion is clear now.


--
samiranmd
------------------------------------------------------------------------
samiranmd's Profile: https://forums.netiq.com/member.php?userid=11549
View this thread: https://forums.netiq.com/showthread.php?t=55481

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.