none
Managing Group membership via Bhold RRS feed

  • Question

  • Hi All,

    I have faced a problem with Bhold (RBAC) logic in FIM 2010R2.

    I realized group membership management via BHold suite. According Bhold concept, by default there are 2 types of roles - MR- roles which provided according OrgUnit information (in my case, from HR database) and PR- roles which can be modified, in my case, from ServiceDesk. 

    I send ActiveDirectory membership changes from external system (ServiceDesk) to MIM, then to AD. All commands manage group.member attribute in MIM. When a request is related with PR- role it`s processed fine - AD group modified, role model is correct.

    But when a request is related with MR- role it`s processed but I expect another result - AD group modified but role model is incorrert. For example, Bhold doesn`t prevent me to delete a member from group where he should be by role model. But if I open User card in BHold and click Modify then Done, user`s permission will come back. I expected that BHold either 1)prevented from delete user permission which was provided by MR- role or 2) return this permission on Bhold Import flow step.

    Please advice how to fix it.

    Best Regards,

    Emil

    Technical information: MIM 2010 R2 version 4.3.1935.0, Bhold version 5.0.3079.

    Friday, March 31, 2017 7:53 AM

Answers

  • A workaround was found. It`s needed to use Bhold web-service in Bhold MA extension - function userupdate.

    Emil Valiev

    • Marked as answer by Emil Valiev Thursday, January 18, 2018 1:57 PM
    Thursday, January 18, 2018 1:57 PM

All replies

  • Emil I am trying to wrap my head on your setup and configuration. I think the best way to get your issue resolved is opening a case so we can look at your scenario and configuration on the re-population is coming from (inheritance,aba rule) etc ...

    Kind regards, David David Steadman - MIM Engineering Lead

    Thursday, May 11, 2017 2:02 PM
    Moderator
  • Hi David,

    We opened a case in Microsoft. But unfortunately nobody can help us accoding this issue.

    Best Regards,

    Emil

    Wednesday, June 21, 2017 7:15 AM
  • A workaround was found. It`s needed to use Bhold web-service in Bhold MA extension - function userupdate.

    Emil Valiev

    • Marked as answer by Emil Valiev Thursday, January 18, 2018 1:57 PM
    Thursday, January 18, 2018 1:57 PM