Symantec IGA

Expand all | Collapse all

policy xpress get provisioning role assigned

  • 1.  policy xpress get provisioning role assigned

    Posted 10-20-2015 10:20 AM

    Hi, I have provisioning roles named RF.xxxxx, and I want to implement a xpress policy to avoid in Identity Manager to request more thatn two RF.xxxx roles. I'm configuring the xpress policy but I only get provisioning roles that the user has, I use the attributes changed for userprovisioningroles for UI in xpress policy but doesn't work, always return false.

     

    There is a rule in xpress policy that can get me the provisioning roles that I requested in the task that I can use in validate before submission step of the task?. I'm using CA Identity Minder 12.6 sp 6, I don't know if this behavior has fixed or which is the exact policy that I need to configure.

     

     

    thanks



  • 2.  Re: policy xpress get provisioning role assigned

    Posted 10-22-2015 05:09 AM

    Hi,

     

    Firstly. You can not use PX->PolicyType=UI to retreive the ProvisioningRole info. You have use PolicyType=Submitted Task.

    Secondly, when u defined your Provisioning Role Listing/Searching screen, there is an option to specify "Single" selection or "Multiple" selection.

     

    regards,

    William



  • 3.  Re: policy xpress get provisioning role assigned

    Broadcom Employee
    Posted 10-21-2015 02:58 AM

    Hi

    You probably see all the provisioning role you are the administrator of.

    If you Modify Admin Task > Create Policy Xpress Policy > Action Rules tab and select Default Provisioning Role All search - do you get the desired behaviour?

    Regards

    Rinat Matityahu

    Principal Support Engineer

    CA Tech Support - EMEA



  • 4.  Re: policy xpress get provisioning role assigned

    Posted 10-21-2015 01:31 PM

    mmm, When you submit a task, you select the provisioning roles that you want to provision, I defined the filters so only roles RF.* appear, now I need to validate that the user doesn't select more than one RF.* provisioning role. I the policy xpress rules I made tests and I can get the roles that the user has physically, but I have not been able to access the provisioning roles that the user is selecting in the tasks so I can send an error message if he selects more than ore RF.* role.

     

     

    thanks