Skip to Content

Setting Validity on an existing role assignment

Hi folks,

Having an issue with IDM 7.2 workflow, where we need to reset validity on a role assignment to a user.

MXREF_MX_ROLE{A}{VALIDFROM=1999-01-01!!VALIDTO=2018-11-21}2667064

A previous step in the workflow assigns the role with no validity set, this step sets the validity from a base date to two years from today.

I'm guessing that there is an issue with my {operator} and would appreciate any help / documentation / reference that you might have on this.

Thanks!

Matt

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    Nov 29, 2016 at 05:47 PM

    Finally got it working. Needed to get the date format straight. Thanks for everyone's help!

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 22, 2016 at 05:25 AM

    Hi Matt,

    Was it working before or is it new development?

    Since you have assigned the role to user in previous step, any further updates to assignment would require the {linkid} to be passed as well.

    Kind regards,

    Jai

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 25, 2016 at 10:42 AM

    Hey Matt,

    I'm not sure which issue you have. Can you share an error message?

    An example for our role assignment with link-id would look like this:

    {A}{ValidFrom=%VALIDFROM%!!ValidTo=%VALIDTO%$FUNCTION.isv_read_mcuniqueid_for_role(%USERMSKEYVALUE%!!<PRIVILEGEMSKEYVALUE>)$$}<PRIVILEGEMSKEYVALUE>

    The function "isv_read_mcuniqueid_for_role" looks for a mcuniqueid in "idmv_link_ext" for the mskey of the identity with the mskey of the privilege and if one is found, adds a "!!LINKID=<mcuniqueid>" to the string above.

    Then the IDM knows, it needs to update that link. If no mcuniqueid is found, it will just create a new link with your data.

    .

    Regards,

    Steffi.

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 27, 2016 at 06:16 AM

    Hi Matt,

    As mentioned by jai, link id is needed to modify the role validity and it can be found from idmv_link_ext view or mcuniqueid column from mxi_link table. Please use the below syntax to modify the role

    MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}rolemskey

    or

    MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}<MSKEYVALUE ATTRIBUTE OF ROLE>

    Regards,

    DP

    Add comment
    10|10000 characters needed characters exceeded