On 08/15/2012 06:16 AM, stavae wrote:
> Unfortunately, this does not help because, security equivalents can
> only be assigned to entire drivers. For example, the User Application
> Driver.
> It isn't possible to assign them to individual Workflows and/or User
> Interfaces.
> And, as I mentioned in my first post, the "Add Trustees" function (when
> building workflows) is useless. It does nothing to restrict users and/or
> groups.
> As with the "security equivalents", this does not seem to allow for
> INDIVIDUAL PRD's (workflows, etc). Only the entire User App driver
> (?)
> Totally contrary to what is needed. The PRD's are already access-free
> (meaning, EVERY USER) can view them and modify them
> What I need is : to RESTRICT users to specific PRD's. I need
> something to REMOVE trustees (or block), not ADD more.

Something has been set/changed in your Vault that is causing this.
Because, after a default installation of the eDir/IDM/UserApp/Designer,
if you create a Workflow (PRD) and:

1) Set no trustee then only a Provisioning Administrator or Delegated
Provisioning Admin can see it to start it. All other users will not see it.

2) If you set a specific Trustee (User/Group/Container/Role) then only
someone that securityEquals to the above will be able to see and start
it. All other users will not see it.

I would suggest at this point that you open a Service Request to get
assistance to look over your Vault to see what is causing this.
Otherwise you can continue to try and dig through this OR re-install...

Steven Williams
Lead Software Engineer