Symantec IGA

Expand all | Collapse all

PX.RULES stored under IDM_IdentityPolices and how to migrate it across environments

Jump to Best Answer
  • 1.  PX.RULES stored under IDM_IdentityPolices and how to migrate it across environments

    Posted 05-21-2018 06:33 AM

    Hi,

    We were working on a migration plan to migrate the users from an old system to new system During that we came across IDM_IdentityPolicy attribute in user store(CA Directory) which stores value like  PX.RULE.wiam-imb;76;87,.We wanted to understand what is this value used for and what is being referred to by those numbers.

    We would also like to understand if the value for this attribute is crucial for migration and how to proceed with it.

    Any help or pointers towards the right direction is greatly appreciated.

     

    Thanks,

    Saif 



  • 2.  Re: PX.RULES stored under IDM_IdentityPolices and how to migrate it across environments

    Posted 05-21-2018 03:28 PM

    PX policies can be configured to only run once for any given user object. The data that you're seeing in that user data is that PX policy with an internal id of wiam-imb;76;87 has been executed against this user already, so there is no need to apply this policy again if asked.



  • 3.  Re: PX.RULES stored under IDM_IdentityPolices and how to migrate it across environments

    Posted 05-22-2018 09:40 AM

    Hi William,

     

    What does the number in the value specifies and Is this attribute necessary to Migrate the values if we are migrating users from one environment to another?

     

    Thanks 

    Saif



  • 4.  Re: PX.RULES stored under IDM_IdentityPolices and how to migrate it across environments
    Best Answer

    Posted 05-25-2018 10:56 AM

    When the PX Policies are created there are records inserted into various tables in the objectstore. The tables have a UNIQUE_NAME column which increments for each newly added record and the numerics you see in the %IDENTITY_POLICY% well-known attribute value refers back to these records. You would need to preserve the existing database records as they are so that these numerical references in the %IDENTITY_POLICY% well-known attribute value still matches the correct PX Policy. If you were importing fresh then the tables would be repopulated with different numerical references which would cause data integrity problems with the %IDENTITY_POLICY% well-known attribute value on the users.