Symantec Identity Management

Expand all | Collapse all

insufficeint access right to update attribute in IM USer store

Jump to Best Answer
  • 1.  insufficeint access right to update attribute in IM USer store

    Posted 01-03-2020 10:30 AM
    Hi,

        I am doing a powershell script for update the attribute in the user store for identity manager. My script will query the user store first for the required attribute(Attribute A) and process it. After that, my script will update the other attribute (Attribute B). But when my script try to update Attribute B, I get insufficient access right to perform the operation, I didn't found the same error when my script try to query the user store. The connection credential I used was dsaadmin. May I know whether the dsaadmin only have the read permission only ? I can share the powershell syntax I use if required


  • 2.  RE: insufficeint access right to update attribute in IM USer store
    Best Answer

    Posted 01-03-2020 10:49 AM
    It seems like the dsaadmin user does not have sufficient permissions to write. Try running the same update via jxplorer or a similar LDAP browser to see if you need to modify permissions.

    If you are using CA Directory, please see the documentation for directory access controls:
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/directory/14-1/ca-directory-concepts/directory-access-controls.html

    ------------------------------
    Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------



  • 3.  RE: insufficeint access right to update attribute in IM USer store

    Posted 01-06-2020 01:56 AM
    Since, you mentioned Attribute A is getting updated fine that means permission to update Attribute A is correct. Please verify that the attribute B has proper permission to be updated and is an attribute of LDAP which can be edited.