I am considering two different methods of keeping the prod Identity
Vault and staging Identity Vault in synch using eDir to eDir drivers.
Both environments include Roles Based Access.

Option 1: Include all the nrf.... attributes and DirXML-EntitlementRef
(for AD user account only) in the filter for the User class. (I see
problems with AD group entitlements)
Option 2: Include the role request object class with all attributes in
the filter. Then the Roles and Resources driver will keep the nrf
attributes and entitlements in synch.

Role approval is not used in staging so roles will be assigned.

Is there a preferred method for keeping the environments in synch?

