Hi
i'll try to explain my problem although it is a little complicated.

HERE IS WHAT IM TRYING TO ACHIEVE:
I have a number of roles that contains a resource with an entitlement
with a dynamic parameter value. The value is a DN and I want to change
it to a GUID. So all users assigned to the roles should get the new
entitlement (with the new GUID entitlement value) and the old one should
be revoked.

WHAT AM I DOING:
I have a workflow where I use a number of integration activities. First
I add a new resource association to the role using the
createResourceAssociation web service call with a GUID as the dynamic
entitlement value. Afterwards I loop through all resource associations
for that role and find the old resource that contains a DN as the
dynamic value. When that is found I delete that resource association
using the web services call deleteResourceAssociation.

WHAT IS THE RESULT:
In the UA driver under appconfig/roleconf/resourceassociations the old
resource association object changes its nrfStatus to 15 (Approval
Pending) and the new one is created with nrfStatus 50. But I see no
approval anywhere weird?. Under the Roles and Resources tab everything
looks normal. The old resource is gone and the new one I present. But
the weird thing is that it is not reflected consistently on the users
that are assigned to the different roles. On some roles everything is
working, all users are granted the new resource and the old one is
revoked correctly. On other roles although containing the EXACT same
resource (and configured the EXACT same way) the users are only granted
the new resource and the old one are NOT being revoked. Both roles
contain the same resource only the dynamic values differ.
I also experience on certain roles that the old resource association
object is completely deleted and only the new one exists in the
directory with nrfStatus 50. In this case everything also seems to work
as intended.

Does anyone have a clue to why these differences occur???

IDM VERSION
4.0.1 Advanced edition

UA VERSION:
Identity Manager Roles Based Provisioning Module Version 4.0.1 Patch C
Build Revision 38774

UA DRIVER VERSION:[/B]
0.20100915.102923

[B]ROLE AND RESSOURCE DRIVER VERSION:
4.0.0.6383

Best regards
Carsten


--
carsten2860
------------------------------------------------------------------------
carsten2860's Profile: https://forums.netiq.com/member.php?userid=357
View this thread: https://forums.netiq.com/showthread.php?t=48393