Symantec IGA

Hi all,
We need to limit seach for specific OU in Group search in our "Modify Active Directory Account Template" admin task.

We cannot use option "Show only objects meeting the following rules" in search screen because our condition is more complex and we cannot set up OR operator there.

So we were thinking to use scope rules in admin roles which should be build-in solution as we would like to avoid customization. However, if we set up scope rule to it still does not work. 

We tried following options which make sense for us. We tried use only one condition, also both and nothing worked.



------------------------------
Thank you for any thoughts!

Regards.

Martin
------------------------------

This may not be possible as the data being returned on the account template search is available to the account specified on the endpoint credentials of the endpoint and cannot be scoped for IM admin role usage. This data is being returned in real-time by the credentials used on the endpoint as a proxy for the account logged into IM.


Bill Patton


------------------------------
And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
------------------------------

Original Message:
Sent: 03-26-2020 04:28 AM
From: Martin Klicha
Subject: Scope rule in admin role to be able to see only specific containers.

Hi all,
We need to limit seach for specific OU in Group search in our "Modify Active Directory Account Template" admin task.

We cannot use option "Show only objects meeting the following rules" in search screen because our condition is more complex and we cannot set up OR operator there.

So we were thinking to use scope rules in admin roles which should be build-in solution as we would like to avoid customization. However, if we set up scope rule to it still does not work.

We tried following options which make sense for us. We tried use only one condition, also both and nothing worked.

Any ideas why the scope rules dont work? Is there any other necessary settings we need to do? Or are we using wrong condition? We are using IM 14.3.

------------------------------
Thank you for any thoughts!

Regards.

Martin
------------------------------