Can an Identity Manager PX Policy Retrieve Provisioning Role Owners Value


Article ID: 238968


Updated On:

Products

CA Identity Manager, CA Identity Suite

Issue/Introduction

Is it possible to get the Owners of Provisioning Roles? For example, if I want to catch a Provisioning Role Owner from inside the Data tab in a Policy Xpress policy, how can I do that? This information is not seen in the Provisioning Repository when looking at the Provisioning Role object.

Environment

All Identity Manager

Resolution

When you create a Provisioning Role, part of the information is stored in the IM objectstore database and part is stored in the Provisioning layer. In the IM objectstore database, the IM_ROLE table holds a record for each provisioning role, with a FRIENDLYNAME and a UNIQUE_NAME, which is a unique numeric value. That UNIQUE_NAME value can be used to search a second table, IM_OWNER_POLICY, for rows whose ROLE column matches it; this is where the owner policy rules are stored. However, these rows contain only the rules, not an actual list of owners, so they are not useful for what you are trying to get.
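The lookup described above, written as read-only queries (an added example, not taken from the original article or from Broadcom documentation). It uses only the table and column names the article mentions; the role name is a constructed placeholder, and it assumes ROLE and UNIQUE_NAME hold directly comparable values.

```sql
-- Added example: read-only lookup against the IM objectstore database.
-- Only IM_ROLE.FRIENDLYNAME, IM_ROLE.UNIQUE_NAME and IM_OWNER_POLICY.ROLE
-- come from the article; the remaining IM_OWNER_POLICY columns are returned
-- with op.* because their names are not given there.

-- 1. Owner policy rows stored for one role, found by its friendly name.
SELECT r.FRIENDLYNAME,
       r.UNIQUE_NAME,
       op.*
FROM   IM_ROLE r
JOIN   IM_OWNER_POLICY op
       ON op.ROLE = r.UNIQUE_NAME       -- assumption: comparable types
WHERE  r.FRIENDLYNAME = 'Example Provisioning Role';  -- constructed placeholder

-- 2. Number of owner policy rows per role, including roles that have none.
SELECT r.FRIENDLYNAME,
       r.UNIQUE_NAME,
       COUNT(op.ROLE) AS owner_policy_rows
FROM   IM_ROLE r
LEFT JOIN IM_OWNER_POLICY op
       ON op.ROLE = r.UNIQUE_NAME
GROUP BY r.FRIENDLYNAME, r.UNIQUE_NAME
ORDER BY owner_policy_rows, r.FRIENDLYNAME;
```

Both queries return the stored owner rules, not resolved owners, so they help audit which roles have owner policies defined rather than list the people who own them.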

PX Policies do not currently have any built-in elements to retrieve the owners of roles; they only have the functionality to get the members of roles. To request this, you would need to submit a product enhancement by opening an Idea in the online communities with Symantec IGA as the category:

https://community.broadcom.com/participate/ideation-home

In reviewing the IM Javadoc, I see that the ProvisioningRole interface inherits the getOwners method from the Role interface, so it looks like you would need to code a custom solution for this type of information.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/programming/ca-identity-manager-programming-reference.html

But keep in mind that PX Policies that invoke external Java code cannot return data back, so you would need to review the IM Programming Guide for Java to familiarize yourself with your other options (i.e. BLTH, LAH, Event Listeners).

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-manager/14-4/programming/programming-guide-for-java.html