Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Filter missing in task access control

Go to solution
jaisuryan
Active Contributor

on ‎2014 Oct 16 2:57 PM

0 Likes
390

Hi Experts,

System: SAP IDM 7.2 SP9 patch 7 (MS SQL 2012)

I would like to use SQL to decide who can use my task. However I wouldn't find the 'Filter' option in the "Allow access for" field. Is it no more available for use? I wish this is a bug and they bring this option back in further releases. I want to restrict a task for users who doesn't have the attribute 'MX_AUTHQ_001' set, is there a workaround to achieve this?

Kind regards,

Jaisuryan

Screenshot added: Jai Suryan

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎2014 Oct 17 2:50 AM
0 Likes

Hello Jai,

You need to select the Logged inuser / Identity Store Entry option for Allow access for field. Then you can select the filter option at on behalf of dropdown.

PFB the screenshot for your reference.

~ Krishna.

Show replies
Show replies
Steffi_Warnecke
Active Contributor
‎2014 Oct 17 7:50 AM
0 Likes

@Krishna

There is also a filter option for the first dropdown. At least it should be there.

@Jaisuryan

If this is a bug, I wouldn't wait till a new release but open an OSS ticket. We use that filter quite a lot, but I'm on SP8. Somebody on SP9 here, who can check, if they see the option?

I don't think they took this option out, otherwise the field where you put the SQL statement for it would be gone, too.

Did you just update? Maybe something went wrong there.

Regards,

Steffi.

Former Member
‎2014 Oct 17 8:02 AM
0 Likes

Ohk,

In that case, if you want filter to be listed in the Allow access for drop down itself, you need to uncheck the use simplified access control option on Identity store.

~ Krishna

former_member2987
Active Contributor
‎2014 Oct 17 1:00 PM
0 Likes

Be careful with this option.  I believe its use can affect system performance.  I'll have to look through my notes on this.  Tero's option is really the best one.

Former Member
‎2014 Oct 17 3:59 PM
0 Likes

Agree with you Matt. That is the reason it was defaulted to use simple access control.

~ Krishna.

Answers (2)

Answers (2)

jaisuryan
Active Contributor
‎2014 Oct 17 8:45 AM
0 Likes

Thanks Krishna, it worked after we checked the option in Identity store. Hopefully it affects the UI performance only for the tasks which has SQL filters.

Hi Steffi,

I wanted to check with experts here before I confirm its a bug. Even a check box can do alot in IDM
Thanks for your help.

Hi Tero,

Seems legit for a workaround but enabling this option can save some work and time. Thanks for your help again.

Show replies
Show replies
terovirta
Active Contributor
‎2014 Oct 17 8:05 AM
0 Likes 


Jai Suryan wrote:




I would like to use SQL to decide who can use my task. However I wouldn't find the 'Filter' option in the "Allow access for" field. Is it no more available for use? I wish this is a bug and they bring this option back in further releases. I want to restrict a task for users who doesn't have the attribute 'MX_AUTHQ_001' set, is there a workaround to achieve this?

How about just setting privilege/role to the ACLs and assigning that privilege automatically to users? Either to all users and excluding the non-identity type of users or assigning the privilege to the users when the password reset questions are set?

regards, Tero

Show replies
Show replies
Ask a Question