Symantec IGA

 View Only
  • 1.  Identity Portal - Request on Behalf (From Manager)

    Posted Jun 26, 2019 04:56 AM
    Hi Team,
    CA Identity Portal 14.3 (vapp)

    When login as myself, I can request to remove my own Internet Access", where it show the "-" remove button which is working fine.


    But when I login as Manager(jonri01), then search my staff(who is "William Cheang"),

    Then manager can not see the remove "-" button



    This is my Execution Plan, anything wrong with my execution plan ? Why manager can't see the "-" remove button ?





  • 2.  RE: Identity Portal - Request on Behalf (From Manager)

    Broadcom Employee
    Posted Jun 26, 2019 11:30 AM
    I have not performed this task myself, but based on your description it seems like you are running into a permissions scope issue.

    have you test removing a role from the manager as the manager? if so that would be the same use case as the employee removing the role itself.

    Did the manager assign the role to the user? can you try with assigning the role to the user as the manager then try to remove as the manager?

    Also, if this is possible, then it would just point to scoping of either the role assigned or the user being managed.

    Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio


    Bill Patton


  • 3.  RE: Identity Portal - Request on Behalf (From Manager)
    Best Answer

    Broadcom Employee
    Posted Jun 26, 2019 06:35 PM
    There are 2 requirements for this to happen:

    1. The manager needs to be an adminstrator of the provisioning role with a user scoping authority to assign the role to the subordinate users.

    2. The manager needs to have an admin role with a permission scope to execute the task that adds/revokes the provisioning role.

    If the above 2 requirements are verified and you still have the issue, then make sure you clear all chaches in the portal and retest.


  • 4.  RE: Identity Portal - Request on Behalf (From Manager)

    Posted Jun 27, 2019 01:59 AM
    Thanks for the advice, Lyes and Bill.
    It works now.