No user permissions are assigned in security tab on home Drive

saikumar39 · October 20, 2023, 10:34am

Hi Team,

When we are creating home drive and Exchange using after creation rule from sailpoint somehow no user permissions are assigned in security tab on home Drive, However when we are running script manually from IQ services user permissions are assigned .

Below screen shots for ref:

Trigger from iq Services’ manually : User permissions are Assigned.

Trigger from Sailpoint: User permissions are not Assigned.

Please let me know if we are missing something .

Thank you,
Saikumar

edmarks · October 20, 2023, 5:59pm

Lots of possibilities for that, but my first guess would be permissions and/or the account being used. We recently had a client using a different user in the IQService config (via -a) compared to the service account being used for the windows service that caused some issues.

sunnyajmera · October 20, 2023, 6:15pm

Would you be willing to share your script? I suspect there might be something lacking in it.

saikumar39 · October 23, 2023, 5:54am

Hey Sunny ,

Below permissions I’m using.
$userSID = “Domain$sAMAccountName”
icacls $HomeDirectoryPath /grant $userSID’:(OI)(CI)F’

Please let me know if I’m missing anything here.

Thank you,
Saikumar

edmarks · October 24, 2023, 12:36pm

I totally agree that the full script would be helpful and this likely involves a combination of the scripting, the service account used, the home drive structure/permissions, etc. so it’s not likely to be easy to help without seeing a broader perspective.

sunnyajmera · October 24, 2023, 8:06pm

Do you see this command getting executed? Do you have logging in your code to verify that?

icacls $HomeDirectoryPath /grant “$userSID: (OI)(CI)F”

ArvindSingh30 · October 25, 2023, 2:38pm

Hello Sunny : Sai shared the Powershell script to you.

system · December 24, 2023, 2:39pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.