
How to get a list of privileges of a user which are assigned directly and indirectly at the same time?

former_member431321
Participant
0 Kudos

Hi all,

We installed IDM and connected an SAP ERP system.

We ran the initial load job, so every user has many ERP privileges as directly assigned privileges.

And we created and assigned a business role which uses a Dynamic Group based on his department.

Many of the privileges in the business role are already assigned to users because the ERP system has been running already.

So most users have duplicated privileges: a directly assigned one which comes from the initial load and an indirectly assigned one which comes from business roles.

When a user changes his department, he will lose his current business role and get a new business role.

But he will not lose the directly assigned privileges which came from the initial load.

And that is a problem.

We have to revoke the directly assigned privileges which also exist as business roles.

How can I get a list of the privileges in dual existence?

Any comments welcome!!

best regards,

dongsu

Accepted Solutions (1)


alexanderbrietz
Active Contributor
0 Kudos

Hi Dongsu,

Usually these PRIVs are listed in IDMV_LINK views with an inherit count greater than 0. So a query such as

select * from idmv_link_ext
where mcassignedinheritcount > 0;

should provide a list of objects with duplicate assignments (direct and indirect).

Regards,

Alex
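A narrower form of the query above, as an added example that is not part of the original answer: it keeps only privilege links that are both directly assigned and inherited, which are the candidates for revoking the direct assignment. The table link_sample and its rows are constructed stand-ins for idmv_link_ext, and every column name other than mcassignedinheritcount is an assumption to check against the view definition in your installation.

```sql
-- Stand-in for idmv_link_ext, filled with constructed rows (not real IDM data).
-- Column names other than mcAssignedInheritCount are assumptions.
CREATE TABLE link_sample (
    mcThisMSKEYVALUE       VARCHAR(64),  -- the user holding the link
    mcOtherMSKEYVALUE      VARCHAR(64),  -- the assigned object
    mcOtherEntryType       VARCHAR(32),  -- entry type of the assigned object
    mcAssignedDirect       INT,          -- 1 = assigned directly to the user
    mcAssignedInheritCount INT           -- number of inheritance paths
);

-- USER_A: privilege from the initial load that the business role also grants
INSERT INTO link_sample VALUES ('USER_A', 'PRIV:ERP:Z_FI_DISPLAY', 'MX_PRIVILEGE', 1, 1);
-- USER_A: privilege from the initial load only (no role grants it)
INSERT INTO link_sample VALUES ('USER_A', 'PRIV:ERP:Z_MM_BUYER', 'MX_PRIVILEGE', 1, 0);
-- USER_A: privilege that exists only through the business role
INSERT INTO link_sample VALUES ('USER_A', 'PRIV:ERP:Z_HR_ESS', 'MX_PRIVILEGE', 0, 1);
-- USER_A: a role link, not a privilege, so it must not appear in the result
INSERT INTO link_sample VALUES ('USER_A', 'ROLE:BR_FINANCE', 'MX_ROLE', 1, 1);
-- USER_B: direct privilege that two roles also grant
INSERT INTO link_sample VALUES ('USER_B', 'PRIV:ERP:Z_FI_DISPLAY', 'MX_PRIVILEGE', 1, 2);

-- Privileges held directly AND through inheritance. These direct assignments
-- survive a department change, so they are the ones to review for revocation.
SELECT mcThisMSKEYVALUE       AS user_name,
       mcOtherMSKEYVALUE      AS privilege_name,
       mcAssignedInheritCount AS inherit_paths
FROM   link_sample
WHERE  mcOtherEntryType = 'MX_PRIVILEGE'
  AND  mcAssignedDirect = 1
  AND  mcAssignedInheritCount > 0
ORDER  BY mcThisMSKEYVALUE, mcOtherMSKEYVALUE;

-- Per-user totals, to see where the cleanup effort is concentrated.
SELECT mcThisMSKEYVALUE AS user_name,
       COUNT(*)         AS dual_assigned_privileges
FROM   link_sample
WHERE  mcOtherEntryType = 'MX_PRIVILEGE'
  AND  mcAssignedDirect = 1
  AND  mcAssignedInheritCount > 0
GROUP  BY mcThisMSKEYVALUE
ORDER  BY dual_assigned_privileges DESC;
```

To run it against a real system, replace link_sample with idmv_link_ext in the two SELECT statements and drop the CREATE and INSERT statements.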

former_member431321
Participant
0 Kudos

Thank you very much

regards,

dongsu

Answers (0)