Oct 07, 2019 at 08:39 AM

How to get a list of privileges of a user which are assigned directly and indirectly at the same time?


Hi all,

We installed IDM and connected an SAP ERP system.

We ran the initial load job, so every user has many ERP privileges as directly assigned privileges.

And we created and assigned a business role which uses a Dynamic Group based on his department.

Many of the privileges in the business role are already assigned to users because the ERP system has been running already.

So most users have duplicated privileges: a directly assigned one which comes from the initial load and an indirectly assigned one which comes from business roles.

When a user changes his department, he will lose the current business role and get a new business role.

But he will not lose the directly assigned privileges which came from the initial load.

And it is a problem.

We have to revoke the directly assigned privileges which also exist as business roles.

How can I get a list of the privileges in dual existence?

Any comments welcome!!

best regards,