NetIQ IDM 4.0.2 AE

SAP User Management (Subscriber-Only):

we have attribute on the filter called sapRoles with following

<filter-attr attr-name="sapRoles" merge-authority="default"
publisher="ignore" publisher-optimize-modify="true" subscriber="sync"/>

what we are experiencing that user sap roles has being overwritten by
IDM sap role information everytime we sync/migrate the user form idm to
sap. There are some SAP roles on the user on the sap side that we "DO
NOT WANT" to touch. but it looks like driver overwrites sapRoles on the
user in the sap with the sapRoles that are in IDM.

Is there any driver filter setting we need to tune so that we only
add/remove only sapRoles that are on the IDM side?


belaie's Profile:
View this thread: