Article
Buscar
Shameless Plugs
Most Popular
En línea
Usuarios en línea
- Anonymous
- antoniodigennaro
- Anonymous
- Anonymous
- Anonymous
- Anonymous
Inicio de sesión
%count lecturas
Removing Group Memberships in the IDM Vault
Problem
A Forum reader recently asked:
"Based on some events in IDVault, I want to trigger a policy on Subscrber/Evebt Transformation, which should remove all group-membership for the "current-user" / currentObject , so that user is not the member of any type of Groups in the IDVault at all."
And here is the response from Father Ramon ...
Solution
Actually, you have to remove each group membership individually in order for the reverse link to be removed. What you want to do is something more like this:
<do-for-each>
<arg-node-set>
<token-src-attr name="Group Membership"/>
</arg-node-set>
<arg-actions>
<do-remove-src-attr-value name="Group Membership">
<arg-value>
<token-local-variable name="current-node"/>
</arg-value>
</do-remove-src-attr-value>
<do-remove-src-attr-value name="Security Equals">
<arg-value>
<token-local-variable name="current-node"/>
</arg-value>
</do-remove-src-attr-value>
</arg-actions>
</do-for-each>
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
Related Articles
User Comments
- Be the first to comment! To leave a comment you need to Login or Register
- %count lecturas
0