andresgutierrez

Micro Focus Frequent Contributor
2019-04-26
15:45
485 views
UserApp 4.7.1 - Child roles limited results visibility
Hello everyone,
We have a customer with a fresh, non-migrated IDM 4.7.1 installation. This customer has a huge role catalog, with more than 20.000 roles between roles 10-20-30, and of course there are also huge role relationships, both 30-20 and 20-10.
In recent days, they sent us a concern about the UserApp platform: by looking at a role 20 using any LDAP browser, the nrfChildRoles attribute shows the total list of child roles for that R20. But, by looking at the same role using the UserApp in the Roles Catalog, the child roles section shows only a fraction of the roles related to this R20.
Do you have any idea if this setting can be changed in order to show the total amount of child roles in this section of the UserApp?
Regards,
--
Andres Gutierrez
Security Solutions Consultant
Micro Focus HLA
Bogota DC - Colombia

1 Reply


Knowledge Partner
2019-04-29
19:02
On 4/26/2019 10:46 AM, andresgutierrez wrote:
>
> Hello everyone,
>
> We have a customer with a fresh, non-migrated IDM 4.7.1 installation.
> This customer has a huge role catalog, with more than 20.000 roles
> between roles 10-20-30, and of course there are also huge role
> relationships, both 30-20 and 20-10.
>
> In recent days, they sent us a concern about the UserApp platform:
> by looking at a role 20 using any LDAP browser, the nrfChildRoles attribute
> shows the total list of child roles for that R20. But, by looking at the
> same role using the UserApp in the Roles Catalog, the child roles
> section shows only a fraction of the roles related to this R20.
>
> Do you have any idea if this setting can be changed in order to show the
> total amount of child roles in this section of the UserApp?
There is a possibility that a reciprocal attribute pair is broken?
I.e. On a level 20 role, nrfParentRole may be set, but on the Level 10
role the nrfChildRole may not be set? (I THINK these are reciprocal but
I could be wrong). If they are, you could consider using Alekzs Console2
that has a Reciprocal report which shows which are missing and an LDIF
to fix it. If it is not a reciprocal pairing, not useful advice.
http://sneakycat.biz for Console2
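
The reciprocal check suggested in the reply above can also be run over an LDIF export of the role container. The following is an added example, not part of the original thread and not Console2's code; it assumes the back-link attribute is named nrfParentRoles, that each value is a DN optionally followed by a `#...` suffix, and it uses constructed sample data.

```python
# Constructed sample (not from the thread); nrfParentRoles and the "DN#..." layout are assumptions.
SAMPLE_LDIF = """\
dn: cn=R20-Finance,cn=Level20,cn=RoleDefs,o=example
nrfChildRoles: cn=R10-Pay,cn=Level10,cn=RoleDefs,o=example#0#<x/>
nrfChildRoles: cn=R10-Audit,cn=Level10,cn=RoleDefs,o=example

dn: cn=R10-Pay,cn=Level10,cn=RoleDefs,o=example
nrfParentRoles: cn=R20-Finance,cn=Level20,cn=RoleDefs,
 o=example

dn: cn=R10-Audit,cn=Level10,cn=RoleDefs,o=example

dn: cn=R10-Tax,cn=Level10,cn=RoleDefs,o=example
nrfParentRoles: cn=R20-Finance,cn=Level20,cn=RoleDefs,o=example
"""

def norm_dn(value):
    """Case-fold a DN, dropping any '#...' suffix and spaces around commas."""
    dn = value.split("#", 1)[0]
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Return {normalized DN: {attribute name (lower case): [values]}}."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():   # unfold continuation lines
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue                                    # blank line or comment
        if name.lower() == "dn":
            current = entries.setdefault(norm_dn(value), {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value.strip())
    return entries

def missing_backlinks(entries, child_attr="nrfChildRoles", parent_attr="nrfParentRoles"):
    """List (entry lacking the value, attribute, DN that should be listed there)."""
    gaps = []
    for dn, attrs in entries.items():
        for fwd, back in ((child_attr, parent_attr), (parent_attr, child_attr)):
            for value in attrs.get(fwd.lower(), []):
                target = norm_dn(value)
                peers = entries.get(target, {}).get(back.lower(), [])
                if dn not in (norm_dn(p) for p in peers):
                    gaps.append((target, back, dn))     # also hit when target is not in the export
    return sorted(gaps)

if __name__ == "__main__":
    for entry, attr, wanted in missing_backlinks(parse_ldif(SAMPLE_LDIF)):
        print(f"{entry}: {attr} lacks {wanted}")
```

Base64-encoded values (`attr:: ...`) are not decoded here, so an export containing them needs that step added before the comparison.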