Enforce Scoping for workflow Participant Resolver in Identity Manager doesn't work as expected


Article ID: 210676


Updated On:


CA Identity Manager


We have copied Modify User task and attached Non-Policy Based SingleStepApproval or TwoStageApprovalProcess on ModifyUserEvent event. In the Primary Approver section we have specified "Admin Role Members" as Participant Resolver, set a configured Admin Role and enabled "Enforce Scoping"

We have configured the Admin Role so it has the following Member Rules
   1. Where User ID = jpadmin1, Scope: User, where User ID = jpuser1
   2. Where User ID = jpadmin2, Scope: User, where User ID = jpuser2

By enabling "Enforce Scoping" the expectation is when jpuser1 is modified, the approval work item should go to jpadmin1 only, likewise when jpuser2 is modified, the approval work item should go to jpadmin2 only.
However, IM doesn't honor the Member Rules of the Admin Role and approval work item goes to both jpadmin1 and jpadmin2.


Release : 14.3

Component : IdentityMinder(Identity Manager)


This issue is recorded as bug in DE493237. As this article is written, there is available hot-fix on top of the latest 14.3 CP2.
Please raise a support call ticket citing this article to request for the hot-fix.