cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Setting Validity on an existing role assignment

Go to solution
former_member2987
Active Contributor

on ‎11-21-2016 9:45 PM

0 Kudos

Hi folks,

Having an issue with IDM 7.2 workflow, where we need to reset validity on a role assignment to a user.

MXREF_MX_ROLE{A}{VALIDFROM=1999-01-01!!VALIDTO=2018-11-21}2667064

A previous step in the workflow assigns the role with no validity set, this step sets the validity from a base date to two years from today.

I'm guessing that there is an issue with my {operator} and would appreciate any help / documentation / reference that you might have on this.

Thanks!

Matt

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member2987
Active Contributor
‎11-29-2016 5:47 PM
0 Kudos

Finally got it working. Needed to get the date format straight. Thanks for everyone's help!

Show replies
Show replies

Answers (3)

Answers (3)

devaprakash_b
Active Contributor
‎11-27-2016 6:16 AM

Hi Matt,

As mentioned by jai, link id is needed to modify the role validity and it can be found from idmv_link_ext view or mcuniqueid column from mxi_link table. Please use the below syntax to modify the role

MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}rolemskey

or

MXREF_MX_ROLE = {A}{LINKID=mcuniueid from mxi_link table!!VALIDFROM=new valid from!!VALIDTO=new valid to}<MSKEYVALUE ATTRIBUTE OF ROLE>

Regards,

DP

Show replies
Show replies
former_member2987
Active Contributor
‎11-28-2016 4:12 PM
0 Kudos

DP, this is very helpful. I will try it.

Thanks!

Steffi_Warnecke
Active Contributor
‎11-25-2016 10:42 AM

Hey Matt,

I'm not sure which issue you have. Can you share an error message?

An example for our role assignment with link-id would look like this:

{A}{ValidFrom=%VALIDFROM%!!ValidTo=%VALIDTO%$FUNCTION.isv_read_mcuniqueid_for_role(%USERMSKEYVALUE%!!<PRIVILEGEMSKEYVALUE>)$$}<PRIVILEGEMSKEYVALUE>

The function "isv_read_mcuniqueid_for_role" looks for a mcuniqueid in "idmv_link_ext" for the mskey of the identity with the mskey of the privilege and if one is found, adds a "!!LINKID=<mcuniqueid>" to the string above.

Then the IDM knows, it needs to update that link. If no mcuniqueid is found, it will just create a new link with your data.

.

Regards,

Steffi.

Show replies
Show replies
former_member2987
Active Contributor
‎11-28-2016 4:11 PM
0 Kudos

Not getting an error, Steffi, just not getting validity dates set 😞

jaisuryan
Active Contributor
‎11-22-2016 5:25 AM

Hi Matt,

Was it working before or is it new development?

Since you have assigned the role to user in previous step, any further updates to assignment would require the {linkid} to be passed as well.

Kind regards,

Jai

Show replies
Show replies
former_member2987
Active Contributor
‎11-22-2016 1:11 PM
0 Kudos

Hi Jai,

Would that be the same linkid from the idmv_link_ext table? Can you provide an example?

Thanks!

Matt

former_member2987
Active Contributor
‎11-22-2016 1:11 PM
0 Kudos

Hi Jai,

Would that be the same linkid from the idmv_link_ext table? Can you provide an example?

Thanks!

Matt

Ask a Question