Symantec IGA

 View Only
  • 1.  Traversing though the prov roles

    Posted Nov 22, 2016 09:53 AM

    I have a custom attirbute in the provisioing role which defines the approval of the role. I am creating a polcy xpress which should fetch me this approval name, howver as per my understanding I will not be able to get the provisioning role based on this attribute as we dont have a data element which will iterate through all the roles where the user is approver.

     

    However in policy xpress can we iterate through all the prov. roles which are exsiting in the system ? Really stupid way to compare the custom attribute in all the roles to compare against the user id but i was wondering if its possible or not.#Provisioning role #policyxpress



  • 2.  Re: Traversing though the prov roles
    Best Answer

    Posted Dec 08, 2016 12:41 PM

    You could look at using a PX Policy LDAP Data Source data element which points at the Provisioning Repository to do a query. We don't normally recommend hitting the Provisioning Repository over the Provisioning Server but it would be a faster query without putting strain on the Provisioning Server. Note: If the product architecture changes in the future with respect to Provisioning Server/Repository accessibility and stored data it could impact your implementation.



  • 3.  Re: Traversing though the prov roles

    Posted Dec 09, 2016 04:38 AM

    Yes sorry I hadnt updated the question. We actually did the same way by creating a data element of LDAP Query which we tried to avoid doing but could not find any other alternative.

     

    But thanks for the answer.