Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
karmst2 Absent Member.
Absent Member.
329 views

Wonkiness with nrfGroupRoles and directly assigned Roles

Hello,

IDM 4.7.1.1 AE, both User Application and Engine.

I have an ongoing issue where it appears that the Roles and Resources Service Driver is misinterpreting Role assignments. The scenario I will describe worked with IDM 4.0.2.

The scenario is thus. Let's take a simple example of a User, but I believe this will apply to many Users.

We have a User who has been assigned an I.T. Role, and the I.T. Role has a Permission Role assigned. The Permission Role, in turn. has a Resource and an associated Entitlement.

The 2 tests I ran have 3 steps each.

1.1 - Add User to Group
1.2 - Add User to Role
1.3 - Remove User from Group

2.1 - Add User to Role
2.2 - Add User to Group
2.3 - Remove User from Role

The Group has an associated I.T. Role (nrfAssociatedRoles) which is setup, at the Resource and Entitlement level, exactly the same as the directly assigned Role.

What I am finding is that when the User is removed from the Role (Test 1) or Removed from the Group (Test 2), the Resource (and therefore the entitlement) are also removed.

For Test 1, I would expect the User to remain with the Resource and Entitlement because the User is still part of the Role that has the Resource and Entitlement linked to the Permission Role.
For Test 2, I would expect the User to remain with the Resource and Entitlement because the User is still part of the Group that has the Resource and Entitlement linked to the Permission Role which is assigned due to the nrfAssignedRoles pointing to the I.T. Role.

The screenshots of the tests are https://owncloud.belkast.com/index.php/s/1PFGupGR4VcR96u
Password is MicroFocus

Compare 1.1 - Add User to Group.png with 2.3 - Remove User from Role.png.

The attributes should be the same, because the end result is that the User is a member of the BWISE Group.

But, even though the nrfGroupRoles, nrfInheritedRoles, and nrfMemberOf attributes are all the same in 3.2 as they are in 1.1, the Resource has been taken off.


Thanks for any help or insight in advance!

-K
Labels (1)
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: Wonkiness with nrfGroupRoles and directly assigned Roles

I think you should open uo an SR for this. It should work.
Could be related ti this discussion:
https://forums.novell.com/showthread.php/511671-Role-not-processing-add-removes-from-assigned-eDir-Group
0 Likes
karmst2 Absent Member.
Absent Member.

Re: Wonkiness with nrfGroupRoles and directly assigned Roles

Thanks for sending on the link to the other thread, Joakim.

We will open an SR.

-K
0 Likes
Knowledge Partner
Knowledge Partner

Re: Wonkiness with nrfGroupRoles and directly assigned Roles

Keith,

Try RRSD patch 472 - this looked to be related to your issue. Bug 1105072: RRSD Driver: Removing users from group having parent role assignments removes overlapping child roles from group members.

Alex
Alex McHugh - Knowledge Partner - Stavanger, Norway
Who are the Knowledge Partners
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.