on 10-07-2019 9:39 AM
Hi all,
We installed IDM and connected SAP ERP system.
We run initial load job that every user have many ERP privileges as direct assigned privileges.
And we created and assigned business role which uses Dynamic Group based on his department.
Many of the privileges in business role are already assigned to users because the ERP system have been running already.
So most users have duplicated privileges direct assigned one which comes from initial load and in-direct assigned one which comes from business roles.
When a user change his department, he will lose current business role and get new business role.
But he will not lose directly assigned privileges which came from initial load.
And it is problem.
We have to revoke the direct assigned privileges which also exist as business roles.
How can I get a list of the privileges in dual existence?
Any comments welcome!!
best regards,
dongsu
Hi Dongsu,
usually these PRIVs are listed in IDMV_LINK views with an inherit count greater than 0. So a query as
select * from idmv_link_ext
where mcassignedinheritcount > 0;
should provide a list of objects with duplicate assignments (direct and indirect).
Regards,
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.