Group Permissions Not Working with Multiple ADs

book

Article ID: 224315

calendar_today

Updated On:

Products

CA Service Catalog

Issue/Introduction

Customer is trying to assign Group Permissions in Service Catalog under:

Service Offerings > Offerings > (Offering_Name) > Permissions > Groups > Search Groups

When searching for group defined in one AD, the group is able to be added, but the domain name does not appear before the group name.

This results in the permissions not being allowed as intended.

Environment

Release : 17.1

Component : CA SERVICE MGT EMBEDDED ENTITLEMENTS MANAGER

Service Catalog

Multiple AD servers integrate with EEM

Resolution

Workaround

Customer removed Global Group setting in EEM then added the same Global Group Back into the Access policy.

Then customer created a dynamic group that contained the user group defined in one of the ADs. 

Then the Access Policy was modified to add the Dynamic User Group under Identity.