Symantec IGA

  • Private Community

  • 1.  Admin role scope issue in search results

    Posted Dec 30, 2015 03:20 PM

    Hi All,

     

    We are having one issue for displaying search results with current admin role members scope. Below is the example screen. We are having 2 types accounts 1. Personal 2. Non Personal. Every Non Personal account will have owner i.e type personal account. So that owner can manage that non personal account. when some body set as owner he will get owner admin role. This admin role is defined to display only members of  type non personal accounts belong ing to him. With this admin role user will get one of the capability to change the owner of the Non Personal accounts he is having as owner. Issue we are facing is when non personal account owner logs in, selects the non personal account to change owner, clicks browse button next to owner field, Personal user search form displays with no results.  My understanding here admin role members scope is restricting to display Personal accounts.

     

    How to overcome this situation?

    Any alternative approaches?



  • 2.  Re: Admin role scope issue in search results

    Broadcom Employee
    Posted Dec 31, 2015 07:29 AM

    Hi MK_1

     

    Can you please clarify this further?

    From what I understand, there is an Owner Admin Role. Members of this Admin Role have in their scope Non Personal users "owned" by the Admin - something similar to

    You are saying you now want the "Owner" to be able to change the Non Personal's Owner to be a different one? In which case he would have to be included in the Admin's scope too.

    So adding another Scope policy, for example

    So now Owners are allowed to find another Owners.

    Without knowing the complete logic implemented in your organization, this is just one example (if all Owners are always Personal, of course that could  be eliminated from the policy).

    You might want to tweak it accordingly.

     

    Hope this helps?

     

    Regards

    Rinat Matityahu

    Principal Support Engineer

    CA Technical Support - EMEA



  • 3.  Re: Admin role scope issue in search results

    Posted Dec 31, 2015 03:28 PM

    Hi Rinat,

     

    Thanks for your reply and detailed explanation.

     

    Currently member rule is defined similar to as shown in your first screen.

    In second screen, second member rule  condition not fitting to our requirement. Because for Personal account type user will not have owner admin role until he assigned as owner to any Non Personal account. With this condition it will retrieve only users already having owner admin role. But we need a member rule that will retrieve all Personal users irrespective of owner admin role. I tried with giving member rule scope to all users of type personal, But the problem is by default all Personal users getting owner admin role and it displaying tasks associated with that role.

     

    Regards,

    K. Manohar.



  • 4.  Re: Admin role scope issue in search results

    Broadcom Employee
    Posted Mar 10, 2016 11:55 PM

    Marking "Assumed Answered" due to age.



  • 5.  Re: Admin role scope issue in search results

    Posted Mar 11, 2016 04:21 AM

    The only way I achieved this was including personal, non personal accounts in members scoping rule. So that through search can able to search all personal users  and assign them as owner to Non personal account.

     

    But this will show  alink to all Personal users even though they are not own any  non personal accounts.  But business want to show only the links they belong to.

     

    If CA can able to provide some way/ option to by pass scoping like these scenarios. Well and good.

     

    Also provide some more features like export/ import of single object from DB.