on 11-21-2016 9:45 PM
Hi folks,
Having an issue with IDM 7.2 workflow, where we need to reset validity on a role assignment to a user.
MXREF_MX_ROLE{A}{VALIDFROM=1999-01-01!!VALIDTO=2018-11-21}2667064
A previous step in the workflow assigns the role with no validity set, this step sets the validity from a base date to two years from today.
I'm guessing that there is an issue with my {operator} and would appreciate any help / documentation / reference that you might have on this.
Thanks!
Matt
Finally got it working. Needed to get the date format straight. Thanks for everyone's help!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
As mentioned by jai, link id is needed to modify the role validity and it can be found from idmv_link_ext view or mcuniqueid column from mxi_link table. Please use the below syntax to modify the role
MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}rolemskey
or
MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}<MSKEYVALUE ATTRIBUTE OF ROLE>
Regards,
DP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Matt,
I'm not sure which issue you have. Can you share an error message?
An example for our role assignment with link-id would look like this:
{A}{ValidFrom=%VALIDFROM%!!ValidTo=%VALIDTO%$FUNCTION.isv_read_mcuniqueid_for_role(%USERMSKEYVALUE%!!<PRIVILEGEMSKEYVALUE>)$$}<PRIVILEGEMSKEYVALUE>
The function "isv_read_mcuniqueid_for_role" looks for a mcuniqueid in "idmv_link_ext" for the mskey of the identity with the mskey of the privilege and if one is found, adds a "!!LINKID=<mcuniqueid>" to the string above.
Then the IDM knows, it needs to update that link. If no mcuniqueid is found, it will just create a new link with your data.
.
Regards,
Steffi.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Matt,
Was it working before or is it new development?
Since you have assigned the role to user in previous step, any further updates to assignment would require the {linkid} to be passed as well.
Kind regards,
Jai
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
77 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.