Hi, I have provisioning roles named RF.xxxxx, and I want to implement a xpress policy to avoid in Identity Manager to request more thatn two RF.xxxx roles. I'm configuring the xpress policy but I only get provisioning roles that the user has, I use the attributes changed for userprovisioningroles for UI in xpress policy but doesn't work, always return false.
There is a rule in xpress policy that can get me the provisioning roles that I requested in the task that I can use in validate before submission step of the task?. I'm using CA Identity Minder 12.6 sp 6, I don't know if this behavior has fixed or which is the exact policy that I need to configure.
Firstly. You can not use PX->PolicyType=UI to retreive the ProvisioningRole info. You have use PolicyType=Submitted Task.
Secondly, when u defined your Provisioning Role Listing/Searching screen, there is an option to specify "Single" selection or "Multiple" selection.
You probably see all the provisioning role you are the administrator of.
If you Modify Admin Task > Create Policy Xpress Policy > Action Rules tab and select Default Provisioning Role All search - do you get the desired behaviour?
Principal Support Engineer
CA Tech Support - EMEA
mmm, When you submit a task, you select the provisioning roles that you want to provision, I defined the filters so only roles RF.* appear, now I need to validate that the user doesn't select more than one RF.* provisioning role. I the policy xpress rules I made tests and I can get the roles that the user has physically, but I have not been able to access the provisioning roles that the user is selecting in the tasks so I can send an error message if he selects more than ore RF.* role.