Novell Home

My Favorites

Close

Please to see your favorites.

User application administrator assignments not created

This document (7010905) is provided subject to the disclaimer at the end of this document.

Environment


NetIQ Identity Manager Roles Based Provisioning Module 3.7, 4.x

Situation

RBPM administrator does not have any administrator assignments after the install or change of assignments.
RBPM administrator does not have access to RBPM Provisioning and Security tab under Administration in UA.
Role administrator does have access to any RBPM Provisioning and Security tasks in UA .

Resolution

During the initial RBPM install, default administrator and any other role administrators get set in configupdate interface. These administrator assignments are performed when UA interface is accessed for the first time.  The assignments are done through Role and Resource service driver.

If the administrator does not receive any of the administrator roles or assignments, you will see the following message in Role and Resource service driver log:

10/08/12 18:00:18.788]:roleResourceDriver0 ST:: Processing request
        DN: dc=system\dc=service\dc=idm\CN=driverset0\CN=UserApplication0\CN=AppConfig\CN=RoleConfig\CN=Requests\CN=20121008180018-8766c080a116400cb30f1e8be56acee2-0
[10/08/12 18:00:18.788]:roleResourceDriver0 ST:: Role recalculation operation ignored because identity is out of scope
                Identity DN: dc=system\dc=service\dc=idm\CN=driverset0\CN=UserApplication0\CN=AppConfig\CN=RoleConfig\CN=Requests\CN=20121008180018-8766c080a116400cb30f1e8be56acee2-0
                User-Group root DN: dc=system\dc=sa\CN=uaadmin

The administrator role or assignment was not performed because the user is out of scope. This scope is set on Role and Resource service driver - Driver configuration - Driver parameters tab - User-group base container DN.

Any user outside of this scope will not be acted upon, granted or revoked any roles, by Role and Resource service driver. 

After you correct the User-group base DN to include your administrator scope, you will have to redo the administrator assignments.

Follow the steps in the User application Administration documentation:

https://www.netiq.com/documentation/idm402/agpro/data/bncio25.html

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010905
  • Creation Date:10-OCT-12
  • Modified Date:10-OCT-12
    • NetIQIdentity Manager Roles Based Provisioning Module

Did this document solve your problem? Provide Feedback