Topic
  • 5 replies
  • Latest Post - ‏2012-05-09T18:12:03Z by HomerJSimpson
BalajiVuppuluri
BalajiVuppuluri
87 Posts

Pinned topic Compliance issue for a default attribute service in mark mode

‏2012-05-09T12:31:40Z |
Hi All,

I am facing below issue :

I have a service in mark mode.
I have an attribute set to default in it's provisioning policy.
Service is refered in only this Provisioning Policy.

When this attribute is being modified in person profile by some batch process , the account is becoming non compliant.

mostly the change in attribute is deletion(nullifying) of atribute.

Can you please suggest me as to what information I could be missing.

Thank You !!!
Updated on 2012-05-09T18:12:03Z at 2012-05-09T18:12:03Z by HomerJSimpson
  • LeonilsonLopes
    LeonilsonLopes
    93 Posts

    Re: Compliance issue for a default attribute service in mark mode

    ‏2012-05-09T12:35:03Z  
    Balaji,

    If you click on the symbol "!" next to account, itim will show why this account is non compliant, it will give more information to analyse.

    Regards
    Leonilson Lopes
  • BalajiVuppuluri
    BalajiVuppuluri
    87 Posts

    Re: Compliance issue for a default attribute service in mark mode

    ‏2012-05-09T12:41:14Z  
    Balaji,

    If you click on the symbol "!" next to account, itim will show why this account is non compliant, it will give more information to analyse.

    Regards
    Leonilson Lopes
    Thanks LeonilsonLopes,

    I got the list of attributes that are making account NCA in the way you have specified.
    I checked that attribute and found that the attribute was default.

    during creation I am not getting any issues ,
    but when another batch job is updating this value in person profile(nullifying that attribute) the account is getting non compliant.

    I am trying to get as to why is that happenening .

    As per my undrstainding default attributes should not make accounts non compliant on change of value (or nullyfying).

    Can you please help me out in finding out the cause or correctingmy understanding.

    Thank You !!!
  • HomerJSimpson
    HomerJSimpson
    157 Posts

    Re: Compliance issue for a default attribute service in mark mode

    ‏2012-05-09T16:22:16Z  
    Thanks LeonilsonLopes,

    I got the list of attributes that are making account NCA in the way you have specified.
    I checked that attribute and found that the attribute was default.

    during creation I am not getting any issues ,
    but when another batch job is updating this value in person profile(nullifying that attribute) the account is getting non compliant.

    I am trying to get as to why is that happenening .

    As per my undrstainding default attributes should not make accounts non compliant on change of value (or nullyfying).

    Can you please help me out in finding out the cause or correctingmy understanding.

    Thank You !!!
    It's possible that you are now implicitly excluding any other values, now that you have a default value.

    if this is a multi-value attribute, try adding the attribute to your policy again (in addition to the default one you have), with the following settings:

    Optional
    Regular Expression
    .*

    (the value is dot star)

    What this does is say "anything else".
    With just the single default value, ITIM only knows that value is valid, so could be rejecting anything else.
    With the regular expression above, ITIM will default to the value you explicitly defined...but will also allow any other value you want to set.
  • BalajiVuppuluri
    BalajiVuppuluri
    87 Posts

    Re: Compliance issue for a default attribute service in mark mode

    ‏2012-05-09T16:56:02Z  
    It's possible that you are now implicitly excluding any other values, now that you have a default value.

    if this is a multi-value attribute, try adding the attribute to your policy again (in addition to the default one you have), with the following settings:

    Optional
    Regular Expression
    .*

    (the value is dot star)

    What this does is say "anything else".
    With just the single default value, ITIM only knows that value is valid, so could be rejecting anything else.
    With the regular expression above, ITIM will default to the value you explicitly defined...but will also allow any other value you want to set.
    Hi Homer,

    Now based on your inputs I have few more questions.

    1) By "implicitly excluding any other values" do you mean that I am excluding any other values at target system end ?? If Yes, then I am not excluding anything else at target platform. It accepts all strings.

    2) This is also not a multi value attribute.

    3) Now I have put

    Parameter Type : JavaScript
    Enforcement Type : Default

    Javascript : subject.getProperty(<attributeName>)[0];

    I have setup a work around in java script as below :

    var retval="";
    var attr=subject.getProperty(<attributeName>)[0];
    if(attr!=null)
    retval = attr;
    return retval;

    and this seems working fine. As I mentioned earlier I am facing only while setting nullified values I tried above work around.

    Can you please help me out in understanding the issue.

    Thanks !!!
  • HomerJSimpson
    HomerJSimpson
    157 Posts

    Re: Compliance issue for a default attribute service in mark mode

    ‏2012-05-09T18:12:03Z  
    Hi Homer,

    Now based on your inputs I have few more questions.

    1) By "implicitly excluding any other values" do you mean that I am excluding any other values at target system end ?? If Yes, then I am not excluding anything else at target platform. It accepts all strings.

    2) This is also not a multi value attribute.

    3) Now I have put

    Parameter Type : JavaScript
    Enforcement Type : Default

    Javascript : subject.getProperty(<attributeName>)[0];

    I have setup a work around in java script as below :

    var retval="";
    var attr=subject.getProperty(<attributeName>)[0];
    if(attr!=null)
    retval = attr;
    return retval;

    and this seems working fine. As I mentioned earlier I am facing only while setting nullified values I tried above work around.

    Can you please help me out in understanding the issue.

    Thanks !!!
    I've tried configuring the same, and don't see what you're seeing.

    Might be you're running into something that has since been fixed..or have some other issue related to your use-case, data, script.

    Either way, you should probably contact IITIM support to see if they can help you figure out what's going on.