on 02-23-2022 5:44 PM
Hi All,
I am wondering if there is a way to remove business roles when the linked dyanmic group is removed manually or via task?
I have tried to remove dyanmic groups directly of the user record but does not trigger any reconciliation to remove the business roles it is linked to. As I cannot modify the DG's filter as we are trying to modify the assignments during provisioning, where we have users moving job contract types and therefore certain linked accounts are moved across.
Has anyone found a way to trigger assignment provisioning or deprovisioning without needing to run the uIS_ResolveDynamicGroup function as I dont want it processing it for all the 1000's of using during a provisioning task.
Hi Gowri,
Maybe you need uResolveDGMembership function.
You can find more information here
Regards,
Kaloyan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gowri,
The DG membership is not updated automatically and you have to update the membership.
And the uIS_ResolveDynamicGroup is the function for this job.
To prevent your performance issue, I would suggest making one task that only updates a single or few Dynamic Groups involved.
Below is what I use.
You can modify the SQL query in the source tab of the pass below.
In my example, I only update the Dynamic Groups which start with "DG:HR:".
#1. job for DG update
#2. pass in the job
#3. source tab of the pass
#4. destination tab of the pass
#5. the script.
I hope it helps.
dongsu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gowri,
AFAIK DGs are assigned and unassigned by SQL statement. So a user is either an element of the result of the query or not. According to that the assigned roles or privileges of the DG are assined or unassigned to the user. That's what you use the recalculate DG for.
Maybe I did not understand your problem description...
Regards,
Alex
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alex,
The problem I have is when a person goes from an external user to permanent we transfer all accounts linked over to the new identity store record I want to understand if there is a way I can trigger role removal when we remove the user from DG without needed to run Resolve Dynamic function as that re-evaluates it for the full list and I can't do that as part of a provisioning task as that would have performance impact
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.