I noticed the fact that the Access Management Connector does not enable inherited parent OU roles on a FIM 2010R2 (hotfix 4.1.3766.0 applied) and another MIM 2016 (hotfix 4.3.2266.0 applied). Both installations are single server installs. The setup is as follows:
One MA getting users and departments from a HR database. Each department has a parent department, each department has a list of users. I am using the SQL management agent with a classic setup. Object type is determined by database attribute, database parent attribute contains parent department identifier, multivalue links multiple users with department
A second MA gets permissions from a test application. Each permission has tow attributes in the connector space, ID and name.
Further there is a BHOLD Access Management Connector with following attribute flows:
I have extension code that does the provisioning into the BHOLD connector space, the result of this provisioning is:
After export to BHOLD I notice that inherited roles are not enabled:
In this screen you can see that department 5 is a child of department 3. BHOLD picks correctly up that there is an inherited role "MR-Department 3", but the role is disabled.
According to the hotfix updates applied this issue should have been resolved, the information of the update packages tell me that:
Issue 3
When you use the Access Management Connector to provision new OUs with a parent OU, all the parent OU roles are inherited but are also disabled.
There is always the possibility that I am doing something wrong, but for me the issue still remains. Does anyone of you have the same issue or know how to resolve it?
Thank you in advance.
Wilke Jansoone