Hi,

We have IDM 4.5 running on windows, having driver integrations to AD, SAP UM, RACF, SOAP systems.
There is an option in the driver Migrate from IDVault, my understanding is that it will be used to manually trigger an un-associated object to be processed by driver to created the user in the target system or to sync the existing attributes to target for already associated objects. I have tried for attribute sync, password sync that was working fine. But I see the existing roles are not re-assigned or re-synched to target.

Question 1:

Ex: If you take SAP UM driver., an user 'asmith' in IDM is already has an association with SAP UM, also assigned 5 roles in IDM, that assigned 5 SAP technical roles in SAP.

We only have subscriber channel enabled for sync, publisher is disabled. so no backward sync.

For some reasons, the technical roles in SAP are removed. We wanted to reassign the roles via IDM. I have tried the migrate from IDVault, but it only syncs the other user attributes but not the roles.

Is there anyway or any tool or any advice, how we can reassign the roles in the target application. so that whatever the roles assigned in IDM, it will be reassigned in the target (if its already assigned it should ignore and if not assinged it should be assigned)

Question 2:
Migrate from IDvault option is also available in "Roles and Resource Driver". If I try this option, what would happen? or what is the use of this option in the driver.?

Thanks in advance.

regards,
-dk