Symantec IGA

  • Private Community

  • 1.  Change role owner for all roles instantly on imported environment

    Posted Aug 23, 2017 08:30 AM

    Hi, all,

    Customer is asking for upgrade CA Identity Manager 12.6.3 to 14.0 (Windows distribution). During the pre-tests we realized that we need to import old environment to new IdM installation (compatibility requests are to change Win OS version, so we need to install a fresh instance of IdM and to import IdM objects US, PD, Environment from production).

    By importing IdM environment we cannot see any provisioning roles, because role owner is changed.

    When we reset provisioning role owner and assign new user to be role owner, then provisioning role become visible and functional. But Clients implementation includes almost 1000 provisioning roles, and it is very hard to do resetting and role owner assignment manually.

    Same thing happens with account templates when we import old environment to new implementation, because we have to reinitialize endpoint name. Client has a lot of account templates as well, so it is very difficult to do it manually.

    Is there any way to do this for all roles and account templates automatically, by executing some script, or some bulk task against new imported environment?

    Thanks!



  • 2.  Re: Change role owner for all roles instantly on imported environment
    Best Answer

    Broadcom Employee
    Posted Aug 23, 2017 08:56 AM

    Hello,

     

    Please for the first aspect of your issue please have a look at my old following tech doc:

    How to perform a "Reset Provisioning Role owner" task in mass. 

     

    Regards,

    Philippe.



  • 3.  Re: Change role owner for all roles instantly on imported environment

    Broadcom Employee
    Posted Aug 23, 2017 10:39 AM

    Hi,

    In addition to what Philippe has already indicated, have you tried using Create Owner Policies for Provisioning Roles task? It allows you to find all provisioning roles that don't have any owner at the moment, select several (or even all) provisioning roles at a time and set the same owner policy for all selected provisioning roles.

     

    Screen Shot of the Create Owner Policies for Prov Roles task

    About your second issue with account templates I am not sure I understand the issue. Are you saying that when you imported the account templates they are not associated with any endpoint? In such a case, how did you import the account templates? The relationship between an account template and an endpoint is defined as an inclusion. So if you imported the templates from Provisioning Server LDIF, you also need to import the related inclusions. See the Provisioning Server LDAP Inclusions object image:

     

    KR

    Russi