Skip to Content
0

Setting Validity on an existing role assignment

Nov 21, 2016 at 09:45 PM

216

avatar image

Hi folks,

Having an issue with IDM 7.2 workflow, where we need to reset validity on a role assignment to a user.

MXREF_MX_ROLE{A}{VALIDFROM=1999-01-01!!VALIDTO=2018-11-21}2667064

A previous step in the workflow assigns the role with no validity set, this step sets the validity from a base date to two years from today.

I'm guessing that there is an issue with my {operator} and would appreciate any help / documentation / reference that you might have on this.

Thanks!

Matt

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Best Answer
Matt Pollicove Nov 29, 2016 at 05:47 PM
0

Finally got it working. Needed to get the date format straight. Thanks for everyone's help!

Share
10 |10000 characters needed characters left characters exceeded
Jai Suryan Nov 22, 2016 at 05:25 AM
1

Hi Matt,

Was it working before or is it new development?

Since you have assigned the role to user in previous step, any further updates to assignment would require the {linkid} to be passed as well.

Kind regards,

Jai

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Hi Jai,

Would that be the same linkid from the idmv_link_ext table? Can you provide an example?

Thanks!

Matt

0

Hi Jai,

Would that be the same linkid from the idmv_link_ext table? Can you provide an example?

Thanks!

Matt

0
Steffi Warnecke Nov 25, 2016 at 10:42 AM
1

Hey Matt,

I'm not sure which issue you have. Can you share an error message?

An example for our role assignment with link-id would look like this:

{A}{ValidFrom=%VALIDFROM%!!ValidTo=%VALIDTO%$FUNCTION.isv_read_mcuniqueid_for_role(%USERMSKEYVALUE%!!<PRIVILEGEMSKEYVALUE>)$$}<PRIVILEGEMSKEYVALUE>

The function "isv_read_mcuniqueid_for_role" looks for a mcuniqueid in "idmv_link_ext" for the mskey of the identity with the mskey of the privilege and if one is found, adds a "!!LINKID=<mcuniqueid>" to the string above.

Then the IDM knows, it needs to update that link. If no mcuniqueid is found, it will just create a new link with your data.

.

Regards,

Steffi.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Not getting an error, Steffi, just not getting validity dates set :(

0
Deva Prakash B Nov 27, 2016 at 06:16 AM
1

Hi Matt,

As mentioned by jai, link id is needed to modify the role validity and it can be found from idmv_link_ext view or mcuniqueid column from mxi_link table. Please use the below syntax to modify the role

MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}rolemskey

or

MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}<MSKEYVALUE ATTRIBUTE OF ROLE>

Regards,

DP

Show 1 Share
10 |10000 characters needed characters left characters exceeded

DP, this is very helpful. I will try it.

Thanks!

0