When assigning Provisioning roles via Policy Xpress, why is the roles search not returning all roles?

book

Article ID: 40903

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Introduction: 

Policy Xpress can be used to assign provisioning roles to users based on certain conditions. When configuring an action, you can browse to existing provisioning roles to assign. 

Question: 

When browsing for Provisioning roles in a Policy Xpress action, why doesn't the search return all the roles? 

Environment:  

Applies to all Identity Manager Environments. 

Answer: 

By default, the search screen for the Action Rules tab in 'Modify Policy Xpress Policy' and the 'Create Policy Xpress Policy' tasks has search screen "Default Provisioning Role Search". This returns only the roles that have an owner and are in scope for the current logged in user. To return all roles, set the search screen to be 'Default Provisioning Role All Search' to return all roles. 

1. In The IM user console, go to Roles and Tasks-> Modify Admin Task.

2. Search for and select the 'Create Policy Xpress Policy' task.

3. In the Tabs tab, click on the 'Action Rules' tab

4. Change the Provisioning Role Search Screen to ''Default Provisioning Role All Search'

5. Save the task. Repeat for the 'Modify Policy Xpress Policy' task. 

<Please see attached file for image>

PX.png

Additional Information:

 N/A

Environment

Release:
Component: IDMGR

Attachments

1558719791442000040903_sktwi1f5rjvs16vfl.png get_app