January 28, 2008
For the latest version of the Readme, visit the Roles Based Provisioning Module documentation Web page.
1.0 General Issues
1.1 Problems running Designer on Windows XP using the Windows Classic Theme
1.2 Problems with Outline view refresh after Import
2.0 Provisioning View
2.1 Problems with Provisioning view refresh
2.2 Localization and national characters
2.3 Document Generator incorrectly generates provisioning object documentation
2.4 Deleting protected objects does not display error message
2.5 Adding a new locale to the roles resource group does not make the locale available to Roles Tab
2.6 Problems exporting localization data for provisioning teams and provisioning request definitions
3.0 Role Catalog
3.1 Specifying custom SoD provisioning request definitions
3.2 Copying roles across drivers
3.3 Importing roles
3.4 Problems modifying trustees for a role
3.5 Adding undeployed Entitlement to role might cause misleading validation message
3.6 Problems with delete button in Role Editor Entitlements and Contained Roles Sections
3.7 Export of SoD does not preserve default approvers selection
4.0 Provisioning Teams
4.1 Provisioning team wizard no longer allows single quotes in CN
5.0 Provisioning Request Definition Editor
5.1 Problems with provisioning request definitions and dynamic assigned rights
5.2 Problems with provisioning request definition editor refresh after import
5.3 Problems removing trustees from multiple provisioning request definitions
5.4 Problems editing trustees for multiple provisioning request definitions
If you run Designer on Windows XP using the Windows Classic Theme, you might encounter problems when you tab between radio buttons. The radio buttons disappear. To work around this problem, use the Windows XP theme.
You might encounter refresh problems when importing provisioning objects using Designer's Outline view. For example, if you import a provisioning request definition using the Outline view, you might not see the object in the Outline view after the import completes. To work around this problem, you can either restart Designer after performing the import from the Outline view, or use the Provisioning view to perform any import operations. The Provisioning view is the preferred method for performing actions (edit, import, export, deploy) on provisioning objects.
When you delete certain objects from the Modeler view (for example, the User Application driver or the Identity Vault) the Provisioning view does not always refresh automatically to reflect the changes. Even though these objects still display in the Provisioning view, they do not function properly. To ensure that both views are synchronized, refresh the Provisioning view after making changes in the Modeler view. The Refresh button is available in the Provisioning view's toolbar.
If you export localization data that contains national characters (for example, the Danish åøæ characters) in XML format, you cannot use Wordpad to edit the file. If you use Wordpad to edit an XML file containing localization data, the characters are not displayed correctly. If you export localization data that contains national characters (for example, the Danish åøæ characters) to a properties file, the national characters are always escaped.
The Document Generator tool uppercases letters and inserts spaces in some provisioning object documentation. For example, a list key of integrationActivity becomes Integration Activity.
If you select both protected and unprotected provisioning objects, then attempt to delete the set, the Provisioning view does not perform an action. It should notify you that the set of objects cannot be deleted because it includes one or more protected objects.
To add a locale to Roles tab, you must add it to the following Localization Resource groups:
If you add it to only the Roles localization resource group, the locale will not appear as an option in the localization dialog box.
When you export provisioning team and provisioning request definition data using Localize > Export Localization Data, the generated output files are locked. To work around this problem, restart Designer to release the locks.
The Roles Catalog editors do not allow you to specify a custom SoD conflict approval provisioning request definition. Use the Roles tab of the User Application (Role Management > Configure Role Subsystem) to specify the name of a custom SoD conflict approval provisioning request definition.
When you copy a role from one driver to another, you cannot paste the copied role more than once. If you need multiple copies of the same role, copy the role from the source driver to the target driver, then use the copy/paste within the target driver to make additional copies.
If you attempt to import a roles container, and that container includes roles that already exist in the target driver, the import will fail; however, the Import Results dialog incorrectly states that the import of the container was successful.
If you modify the Trustees for an existing role, save your changes, then redeploy it, Designer prevents the redeploy. Designer displays a message that the roles are equal. To work around this problem, modify some other property for the role, then redeploy.
If you create a new entitlement (but do not deploy it), then add the entitlement to an existing (and deployed) role, Designer's project checker generates a validation error message because the entitlement is not yet deployed. If you then deploy the entitlement, then run Project Checker against the role, the validation message is still generated. You can prevent this second occurrence of the validation message from occurring in one of these ways:
If you delete the first row of the table in either the Contained Roles or Entitlements sections, then undo the deletion, the delete button is disabled. You might have to click within the table twice before the delete button is enabled.
When you export an SoD definition (either as part of a driver export or as a single object export), the export does not preserve the Use Default Approvers selection. As a result, you might encounter validation errors. To work around this problem, review the Use Default Approvers selection after you import the definitions to make sure the selection is correct.
The Provisioning Team wizard no longer allows you to use single quotes in the CN field. The valid characters are alphanumeric, underscore (_), dash (-), and spaces.
When you deploy a provisioning request definition whose trustee is defined as a dynamic group, the trustee information in the Identity Vault is modified so that the Dynamic Assigned Rights checkbox is unselected for the All Attribute Rights and Entry Rights properties. When these properties are unselected, the provisioning request definition is not visible in the User Application. To work around this problem, use iManager > Modify Trustees and select the Dynamic Assigned Rights checkbox on the provisioning request definition within the User Application driver.
You might not see the most recent values for a provisioning request definition after performing an import. For example, if you:
You might encounter problems when you select multiple provisioning request definitions and attempt to delete ALL of the trustees. The delete will work as long as you do not choose to delete them all. To work around this problem, you can delete the trustees from each individual provisioning request definition.
You might encounter problems when you select two or more provisioning request definitions (whose Process Type is Role approval), and edit the trustees for these definitions. One or more of the definitions might become read-only. To work around this problem, select one Role approval provisioning request definition at a time to edit the trustees.