Layer7 Identity Management

Expand all | Collapse all

Identity Portal - Request on Behalf (From Manager)

Jump to Best Answer
  • 1.  Identity Portal - Request on Behalf (From Manager)

    Posted 20 days ago
    Hi Team,
    CA Identity Portal 14.3 (vapp)

    When login as myself, I can request to remove my own Internet Access", where it show the "-" remove button which is working fine.


    But when I login as Manager(jonri01), then search my staff(who is "William Cheang"),

    Then manager can not see the remove "-" button



    This is my Execution Plan, anything wrong with my execution plan ? Why manager can't see the "-" remove button ?





  • 2.  RE: Identity Portal - Request on Behalf (From Manager)

    Posted 20 days ago
    I have not performed this task myself, but based on your description it seems like you are running into a permissions scope issue.

    have you test removing a role from the manager as the manager? if so that would be the same use case as the employee removing the role itself.

    Did the manager assign the role to the user? can you try with assigning the role to the user as the manager then try to remove as the manager?

    Also, if this is possible, then it would just point to scoping of either the role assigned or the user being managed.

    Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio


    Bill Patton


  • 3.  RE: Identity Portal - Request on Behalf (From Manager)
    Best Answer

    Posted 20 days ago
    There are 2 requirements for this to happen:

    1. The manager needs to be an adminstrator of the provisioning role with a user scoping authority to assign the role to the subordinate users.

    2. The manager needs to have an admin role with a permission scope to execute the task that adds/revokes the provisioning role.

    If the above 2 requirements are verified and you still have the issue, then make sure you clear all chaches in the portal and retest.


  • 4.  RE: Identity Portal - Request on Behalf (From Manager)

    Posted 19 days ago
    Thanks for the advice, Lyes and Bill.
    It works now.